Is there a way to prevent certain log entries based on Message content from going through a specific log Action?
I am exporting log entries to syslog on a LibreNMS server, and there are a few specific items we just don't care about...
For example -
We have an automated process that regularly logs in and out of all of our Mikrotiks. It uses the Mikrotik API
Each time it connects and then disconnects, I get Log entries for the login and logout event.
I want to ignore only the specific logins coming from one source IP via API.
I do still want to log all of the other login/logout events for security, I just don't care about the ones that are using the API and a specific source IP.
I know that I could just change the Logging Rule... We are currently using this:
Code: Select all
/system logging add action=librenms topics=info,!firewall,!dhcp
Just want to ignore events where the "Message" matches this regexp:
Code: Select all
^user .* logged .* from 10.20.30.99 via api$
It would be nice if the login "type" (API, SSH, Winbox, etc) was available as a Topic since I could then simply filter on that (wouldn't be perfect but would be better than what we have now).