Figured it all out with help on github, the rule should look like this:
rule "drop headers cron job"
when
contains(to_string($message.message), "COMMAND=/var/www/bin/header.sh")
then
drop_message();
end
--
You received this message because you are subscribed to the Google Groups
I will do that right now, for now I assumed it was me screwing up with my
nginx reverse
proxy: https://groups.google.com/forum/#!topic/graylog2/Plxz6FY3kRo
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and
Thanks Jochen, that looks exactly like what I need.
Unfortunately I cannot save that rule, have to figure this one out now:
Could not save processing rule ""
> Saving rule "" failed with status: cannot POST
>
Hi Ovidiu,
you probably want to use the contains function (
http://docs.graylog.org/en/2.0/pages/pipelines/functions.html#contains) to
check whether the string "COMMAND=/var/www/bin/header.sh" is contained in
the message field and then drop the message.
The specific rule could look like the