Hi,
I can’t get this to work, maybe some of you have tried this before.
The drop line below works fine syntax wise, but my goal are to get rid of 127.0.0.1 logs, and when i remove the “!” it fails.
Help Are apprecierede
Regards Kai
<Input IIS1>
Module im_file
File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*"
Exec if $MessageSourceAddress != "127.0.0.1" drop ();
ReadFromLast FALSE
Recursive TRUE
PollInterval 1
Exec $FileName = file_name();
Exec if $raw_event =~ /^#/ drop();\
else\
{\
w3c->parse_csv();\
$EventTime = $EventTime - (2 * 3600);\
$SourceName = "IIS";\
}
</Input>