I'm having an issue getting the built-in priority filter to work correctly. It seems to work fine in filtering based on the value of the syslog records as they arrive at the server. My issue occurs when I add a script action prior to the filter. My script action will update the priority to Debug on some messages in some cases. When this message passes to the next rule, the priority filter doesn't filter the debug records out, it filters as if they were not edited by my script action in the prior rule with the original value.
I know that I can create another script action that effectively filters based on priority that I know will work, because scripts actions seem to get the updates values. I'm just trying to find a shortcut and use the built-in functionality. Does anyone have any experience in this area?
Thanks,
