I have just built a Graylog server to collect log messages from a Juniper firewall. I have a requirement that I only want to receive logs from some customers and, by default, deny all messages. I wrote a drl file as below, but now I don't receive any log messages. So I wonder how the Graylog instance reads and executes my drl file. Anyone, please help me to address this problem.
rule "Agree all messages that start with Customer-A-Zone"
m : Message( getField("source-zone-name") == "Customer-A-Zone" )
rule "Blacklist all message from SRX0 firewall"
m : Message( getField("source") == "SRX0" )