Powershell application logs exclusion
Tags:
#1
Fit_gurl
Hi Guy's,
We are using nxlog community to ship server logs to a lake, powershell logs are collected on the server but we want to exclude shipping them, after much googling i thought it would be as easy as adding this line to the conf:
Exec if ($SourceName == 'PowerShell (PowerShell)' drop();
This does not work, can any experts in NX out there advise?
Thanks, O.
#1
Fit_gurl
Hi Guy's,
We are using nxlog community to ship server logs to a lake,
powershell logs are collected on the server but we want to exclude shipping them,
after much googling i thought it would be as easy as adding this line to the conf:
Exec if ($SourceName == 'PowerShell (PowerShell)' drop();
This does not work, can any experts in NX out there advise?
Thanks,
O.
I would do something like...
Exec if $SourceName =~ /PowerShell (PowerShell)/ drop();
Obviously you want to place that as early as possible in the module, so no other processing gets done with events that are going to be dropped.
