support to EXCLUDE source hosts/networks? #38

Open
rosseison opened this issue Jul 9, 2016 · 1 comment

@rosseison

Is it possible to EXCLUDE source hosts/networks such that their messages are NOT forwarded?

Example:
I have some hosts (firewalls) that send GBs of log messages every day and I don't want to forward those messages to our Solarwinds server, because it simply can't handle the load.

$data_center_network: 10.1.0.0/255.255.0.0
$firewall: 10.1.1.10
$solarwinds: 10.1.2.3

So, I'd like to be able to keep my configuration very simple by having something like this in my config:

$data_center_network:$solarwinds/514, !$firewall

I realize that I could just define every host I want logs forwarded from in the samplicator config, but that means I have to edit that config every time I have a new or changed router or switch.

@TSheahan

TSheahan commented Apr 25, 2017

In our environment I solved this and other cases (such as wanting to prohibit hairpinning another syslog server) by running samplicator and customizing iptables.

To implement your case:

(presuming earlier iptables -X to flush chains such as syslog_out)
iptables -N syslog_out
iptables -A OUTPUT -p udp --dport 514 -j syslog_out
iptables -A syslog_out -s $firewall -d $solarwinds -j DROP
iptables -A syslog_out -j ACCEPT
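
An added example, not part of either comment or of the samplicator project: the same `syslog_out` chain generalized to several excluded senders, with the addresses validated and the commands printed for review before anything is applied. It assumes samplicator runs with source spoofing (`-S`), so forwarded packets still carry the original sender's address for `-s` to match; the function names are hypothetical and `10.1.1.11` is a constructed second firewall address.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# 10.1.1.10 and 10.1.2.3 are the issue's sample values; 10.1.1.11 is constructed.

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address, optionally /0-32.
valid_ipv4() {
    # Reject anything but digits, dots and one optional prefix (also blocks
    # spaces, newlines and shell metacharacters reaching the printed commands).
    case $1 in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    printf '%s\n' "$1" | awk -F'[./]' '
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# syslog_exclude_rules DEST SRC...: print the iptables commands, one per line.
# Nothing is printed unless every address validates.
syslog_exclude_rules() {
    dest=$1; shift
    valid_ipv4 "$dest" || { echo "bad destination: $dest" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    # Create the chain, or empty it if it exists, so reruns do not stack rules.
    echo "iptables -N syslog_out 2>/dev/null || iptables -F syslog_out"
    # Hook the chain into OUTPUT only once (-C tests for an existing rule).
    hook="OUTPUT -p udp --dport 514 -j syslog_out"
    echo "iptables -C $hook 2>/dev/null || iptables -A $hook"
    # One DROP per excluded sender, then accept everything else.
    for src in "$@"; do
        echo "iptables -A syslog_out -s $src -d $dest -j DROP"
    done
    echo "iptables -A syslog_out -j ACCEPT"
}

# Print the rules for two firewalls; pipe to `sh` as root to apply them.
syslog_exclude_rules 10.1.2.3 10.1.1.10 10.1.1.11
```
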
