#Blocking snmpd connection information if $programname == 'snmpd' and $msg contains 'Connection from UDP: [192.168.23.21' then stop if $programname == 'snmpd' and $msg contains 'Cannot statfs' then stop # raspberry pi sepcific if $programname == 'snmpd' and $msg contains 'pcilib:' then stop if $programname == 'sudo' and re_match($msg, "Debian-snmp.*USER=root.*COMMAND") then stop