Eliminate Check Point logs before indexing them into Splunk
Informational
Here is an example of how to discard all events whose "message_info" field equals "Address spoofing". The transform runs at parsing time on the raw event text, so it must be deployed on the indexer or heavy forwarder that parses the feed (not on a universal forwarder), and the REGEX is matched against the raw event, not against an extracted field, so it has to reflect the exact key/value syntax your Check Point feed emits. Events routed to nullQueue are never written to an index and do not count against the license. Restart or reload the Splunk instance after changing props.conf and transforms.conf.
props.conf:
[checkpoint:syslog]
TRANSFORMS-null=setnullCheckpoint
transforms.conf:
[setnullCheckpoint]
REGEX=message_info="Address spoofing"
DEST_KEY=queue
FORMAT=nullQueue
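Because the REGEX is applied to raw text before any field extraction, it is worth checking it against real sample events before deploying it. The following is an added example (not from the page or the Splunk Check Point app) that applies the setnullCheckpoint REGEX to constructed sample events and reports which queue each would be routed to; the field layout of the samples is illustrative and should be replaced with lines captured from your own feed.

```python
import re

# The REGEX from the transforms.conf stanza above. Splunk evaluates it with
# PCRE, case-sensitively; Python's re module behaves the same for this pattern.
NULL_REGEX = re.compile(r'message_info="Address spoofing"')

# Constructed sample events (not real Check Point output). Only message_info
# is taken from the page; the other fields and values are illustrative.
SAMPLE_EVENTS = [
    'time="1700000000" product="Firewall" action="Drop" src="10.0.0.5" message_info="Address spoofing"',
    'time="1700000001" product="Firewall" action="Accept" src="10.0.0.6" dst="10.0.1.7" service="443"',
    # lower-case value: the REGEX is case-sensitive, so this is still indexed
    'time="1700000002" product="Firewall" action="Drop" src="10.0.0.8" message_info="address spoofing"',
    # longer value: the closing quote in the REGEX keeps this from matching
    'time="1700000003" product="Firewall" action="Drop" src="10.0.0.9" message_info="Address spoofing attempt"',
]


def route_event(raw: str, pattern: re.Pattern = NULL_REGEX) -> str:
    """Return the queue an event would go to under a DEST_KEY=queue transform:
    'nullQueue' when the REGEX matches anywhere in the raw event, else the
    default 'indexQueue'."""
    return "nullQueue" if pattern.search(raw) else "indexQueue"


def route_events(events, pattern: re.Pattern = NULL_REGEX):
    """Apply route_event to every event and return (event, queue) pairs."""
    return [(event, route_event(event, pattern)) for event in events]


def dropped_count(events, pattern: re.Pattern = NULL_REGEX) -> int:
    """Number of events the transform would silently discard."""
    return sum(1 for _, queue in route_events(events, pattern) if queue == "nullQueue")


if __name__ == "__main__":
    for event, queue in route_events(SAMPLE_EVENTS):
        print(f"{queue:10s}  {event}")
    print(f"{dropped_count(SAMPLE_EVENTS)} of {len(SAMPLE_EVENTS)} events would be dropped")
```

Run it with the sample list replaced by a few hundred lines exported from the feed; if dropped_count is higher or lower than expected, the REGEX does not match the real syntax (for example a different delimiter or quoting style) and should be adjusted before it goes into transforms.conf. To ignore case, prefix the pattern with `(?i)`.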