Could someone please point me to some documentation for how to do this? I want to ignore certain log messages coming from a designated source agent. I've been scratching my head over this for hours. We have some file audit logs that are writing log messages at a rate of hundreds per second and I need to drop some of them.
So, just to be clear, I'm not talking about alerting or filtering or anything like that. I want the LEM to drop the log message and never store it on disk based on the specified criteria. Ideally, it would be helpful if there were a way to tell the remote agent to never send specific log messages based on specified criteria. I don't want to drop all messages from the agent, just ones matching some kind of criteria.
Any help appreciated. Thanks!
-- Andy