#Filtering syslog. . .

cyan gull

I have an event filter that sends events with severity EMERGENCY, ALERT, and ERROR to syslog and excludes everything else. But I see a continuous stream of events in syslog with [kern_audit:info:2600] in them also. Typically these are related to SnapCenter backups. Does anyone know how to filter these out? Thanks!

soft forge

You can add an exclude to your event filter and specify that event name:
event filter rule add -type exclude -filter-name customized-filter -message-name event.name.*

cyan gull

What message in the catalog equates to kern_audit?