Specifically, configure syslog-ng to ignore "Reputation check timed out" events
The "Reputation check timed out" event is annoying when an environment is isolated from the Internet.
The External Logging->Log Filter configuration does allow for some control, but only operates on entire classes of events.
NOTE: The following configuration is specific to syslog-ng (https://syslog-ng.org/).
source syslog_udp {
udp(port(514));
};
destination df_sep {
file("/var/log/sep.log");
};
filter reputation_filter {
not message("Reputation check timed out");
};
log {
source(syslog_udp);
filter(reputation_filter);
destination(df_sep);
};