From 9cbf59c82718a82887f7326d8f58bc0a185dc292 Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <serg.brester@sebres.de>
Date: Thu, 23 Mar 2023 12:16:13 +0100
Subject: [PATCH] anchored datepattern and added journalmatch (if monitoring
 systemd journal)

---
 config/filter.d/nginx-forbidden.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/filter.d/nginx-forbidden.conf b/config/filter.d/nginx-forbidden.conf
index 3c54e61e..62d15a41 100644
--- a/config/filter.d/nginx-forbidden.conf
+++ b/config/filter.d/nginx-forbidden.conf
@@ -19,3 +19,7 @@
 [Definition]
 failregex = \[error\] \d+#\d+: \*\d+ access forbidden by rule, client: <HOST>
 ignoreregex =
+
+datepattern = {^LN-BEG}
+
+journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx