I'm pumping syslogs from a Bluesocket controller. Basically I'm just tracking users who successfully authenticate to the wifi. This works great.
The Bluesocket controller sends 4 separate sources. The are called "dhcp:", "user_tracking:", "ids:", and "firewall:" I'd like to drop the other 3 unneeded sources. Can I use a drools rule to drop those unwanted sources? I've tried messing around with elasticsearch directly to delete those messages but I'd prefer to just have graylog drop the sources as they come in. Any input appreciated? -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
