Configuring Options for sending Selective events


#1 karthikaravind

Hi,

I am a newbie and trying to configure NXLog on a Windows machine to forward logs to a syslog server. With the below configuration, all events are being forwarded to the server. We need only critical and error level events and only Security and System related events to be forwarded to the server. Below is my configuration:

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Input in>
    Module      im_msvistalog
</Input>

<Output out>
    Module      om_udp
    Host        192.168.1.25
    Port        514
    Exec        to_syslog_snare();
</Output>

<Route 1>
    Path        in => out
</Route>

Could someone help me with what changes I should make so that only Critical and Error levels are forwarded and only Security and System events are forwarded?

 

#2 adm Nxlog ✓

You need to use the correct filter in QueryXML that you can test in Event Viewer and copy it over into your conf.
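
An illustration of the approach suggested in the reply above, added here as an example and not part of the original posts: the poster's configuration with a QueryXML block on the im_msvistalog input. The XPath filter is an assumption about what the poster wants (Level 1 is Critical, Level 2 is Error); build and test the query in Event Viewer's custom view XML tab before copying it in.

```conf
# Added example: forward only Critical (Level=1) and Error (Level=2)
# events from the Security and System channels.
# Host and port are the ones from the original post.
# Note: '#' comments do not work inside a QueryXML block, so all
# comments are kept outside it.

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Input in>
    Module      im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(Level=1 or Level=2)]]</Select>
                <Select Path="System">*[System[(Level=1 or Level=2)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output out>
    Module      om_udp
    Host        192.168.1.25
    Port        514
    Exec        to_syslog_snare();
</Output>

<Route 1>
    Path        in => out
</Route>
```

Security channel audit events are normally logged at Level 0 and distinguished by their Audit Success or Audit Failure keyword, so a level-only filter passes very few Security events. Confirm in Event Viewer that the query returns the events you expect.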