Forum Discussion

33boston_223
Jul 23, 2015

Remote syslog filtering

Hi,

 

Looking for some help in filtering syslogs that are getting sent to a remote collector.

 

Recently implemented a pair of LTMs (11.4.1 HF8) and the amount of logs being sent are beyond what we want.

 

Examples-

 

info perl[14186]: 01310053:6: ASMConfig change: notice g_server_rpc_handler_async.p debug crond[15680]: pam_unix(crond:session): session opened for user roo

 

So far I've been able to successfully filter out the SSL_acc\req logs by following SOL16932 and adding this include filter - include " filter f_ssl_acc_req { not (facility(local6) and level(info) and match('[ssl_acc\]')) and not (facility(local6) and level(info) and match('[ssl_req\]')); };

 

destination d_remote_loghost { udp(\"10.x.x.x\" port(514) localip(10.x.x.x)); };

 

log { source(s_syslog_pipe); filter(f_ssl_acc_req); destination(d_remote_loghost); }; "

 

Where I'm running into a problem is when trying to modify that include by adding level(notice..emerg); like so- include " filter f_ssl_acc_req { level(notice..emerg);

 

not (facility(local6) and level(info) and match('[ssl_acc\]')) and not (facility(local6) and level(info) and match('[ssl_req\]')); };

 

When I do that I receive this -

 

01070920:3: Application error for confpp: STDERR/STDOUT text begins syntax error in /etc/syslog-ng/syslog-ng.conf at line 1137. STDERR/STDOUT text ends

 

Jul 22 16:38:54 NAV-CT-BIGIP-01.caretracker.and.com confpp[16448]: syntax check command FAILURE for unix_config_syslog returned: '256' Restarting syslog-ng: Shutting down syslog-ng: [ OK ] Starting syslog-ng: [ OK ]

 

Any help is always greatly appreciated!

 

Thanks!

 
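The failing attempt above joins `level(notice..emerg)` and the `not (...)` terms with a `;`, but a syslog-ng filter body is a single boolean expression, so the terms have to be joined with `and`. The following is an added example, not code from the thread or from F5: a small Python emulation of syslog-ng's level-range and exclusion semantics run over constructed sample records, showing what the corrected filter would forward (the regexes, facilities and sample texts are assumptions).

```python
# Added example: emulate the corrected syslog-ng filter over sample records.
# Assumed corrected filter (joined with 'and', not ';'):
#   filter f_ssl_acc_req {
#       level(notice..emerg)
#       and not (facility(local6) and level(info) and match('[ssl_acc\]'))
#       and not (facility(local6) and level(info) and match('[ssl_req\]'));
#   };
import re

# RFC 3164 severities, most severe first. level(notice..emerg) is inclusive.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def level_in_range(level, low, high):
    """syslog-ng level(low..high): 'low' is the least severe end of the range."""
    return SEVERITY.index(high) <= SEVERITY.index(level) <= SEVERITY.index(low)


def ssl_noise(msg):
    """The SOL16932 exclusion: local6/info records tagged ssl_acc or ssl_req.
    The regex is a constructed stand-in for the poster's match() patterns."""
    return (msg["facility"] == "local6" and msg["level"] == "info"
            and re.search(r"\[ssl_(acc|req)\]", msg["text"]) is not None)


def f_ssl_acc_req(msg):
    """Corrected filter: keep notice..emerg, and drop the SSL access/request noise."""
    return level_in_range(msg["level"], "notice", "emerg") and not ssl_noise(msg)


# Constructed (facility, level, text) records; IDs are those quoted in the thread.
SAMPLES = [
    ("local6", "info", "tmm[1234]: [ssl_acc] 10.0.0.1 - - GET / 200"),
    ("local6", "info", "tmm[1234]: [ssl_req] 10.0.0.1 TLSv1.2 AES256-SHA"),
    ("local0", "info", "perl[14186]: 01310053:6: ASMConfig change"),
    ("cron", "debug", "crond[15680]: pam_unix(crond:session): session opened"),
    ("local0", "notice", "mcpd[5678]: configuration committed (constructed)"),
    ("local0", "err", "confpp[16448]: 01070920:3: Application error for confpp"),
]


def forwarded(samples=SAMPLES):
    """Return the texts of the records the corrected filter would send on."""
    msgs = [{"facility": f, "level": l, "text": t} for f, l, t in samples]
    return [m["text"] for m in msgs if f_ssl_acc_req(m)]


if __name__ == "__main__":
    for line in forwarded():
        print(line)
```

Because the two exclusions only fire on `level(info)`, which lies outside `notice..emerg`, they become redundant once the level range is in place; they are harmless to keep, but the range alone already drops the SSL records.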

2 Replies

  • Hi All/Matt,

     

    I am facing a similar issue. When I am trying to edit the syslog to add a filter mentioned in SOL16932, it's giving me the same error.

     

    I am using 11.5.1 HF2

     

    Any help is appreciated.

     

    Regards,

     

    Mohammed Shiraz

     

  • Hi All,

     

    I have tried using a different SSH client and it accepted the changes without any syntax errors. I was using Putty and it was giving the error, then I changed to SecureCRT and everything was good.

     

    Regards

     

    Mohammed Shiraz