Dear all,
I have just built a Graylog server to collect log messages from a Juniper firewall. I have a requirement that I only want to receive logs from some customers and, by default, deny all messages. I wrote a DRL file as below, but now I don’t receive any log messages. So I wonder how the Graylog instance reads and executes my DRL file. Could anyone please help me address this problem?
import org.graylog2.plugin.Message
import java.util.regex.Matcher
import java.util.regex.Pattern

rule "Agree all messages that start with Customer-A-Zone"
    when
        m : Message( getField("source-zone-name") == "Customer-A-Zone" )
    then
        m.setFilterOut(false);
end

rule "Blacklist all message from SRX0 firewall"
    when
        m : Message( getField("source") == "SRX0" )
    then
        m.setFilterOut(true);
end
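
An added example, not part of the original post: one way to express the default-deny requirement described above in Drools, using rule salience so that a catch-all drop rule fires first and the allow rule fires after it. It reuses the `Message.getField` and `setFilterOut` calls and the `Customer-A-Zone` value from the post; the rule names and salience values are illustrative assumptions.

```drools
import org.graylog2.plugin.Message

// Default deny: the highest salience makes this rule fire first for every
// message, marking it to be filtered out (dropped).
rule "Default deny all messages"
    salience 100
    when
        m : Message()
    then
        m.setFilterOut(true);
end

// Allow-list: lower salience, so it fires after the default deny and clears
// the drop flag only for messages from the permitted zone.
// Neither rule calls update(m), so each rule fires once per message.
rule "Allow messages from Customer-A-Zone"
    salience 10
    when
        m : Message( getField("source-zone-name") == "Customer-A-Zone" )
    then
        m.setFilterOut(false);
end
```

The allow rule only matches if `source-zone-name` is already present as a field on the message when the rules are evaluated; a message without that field stays filtered out by the default-deny rule.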