Hi All,
Having a bit of a problem with excluding lines.
Here is my config:
// - type: log
//   enabled: true
//   paths: ["/var/log/clamd.log"]
//   multiline.pattern: "Starting ClamAV Scan"
//   multiline.negate: true
//   multiline.match: after
//   multiline.flush_pattern: "Finished ClamAV Scan"
//   exclude_lines: ['SelfCheck', 'reloaded', 'Reading']
//   tags: ["clamav"]
Still getting this into Kibana:
// Mon Aug 20 11:59:43 2018 -> Database correctly reloaded (6615382 signatures)
// Mon Aug 20 11:59:28 2018 -> SelfCheck: Database modification detected. Forcing reload.
// Mon Aug 20 11:59:29 2018 -> Reading databases from /var/lib/clamav
Oddly enough, this is being blocked:
// Mon Aug 20 10:35:19 2018 -> SelfCheck: Database status OK.
Any idea how to completely exclude those lines from going to logstash?
Thank you