How to filter Windows Server events by level
tevfikceydeliler
Hi,
I installed the NXLog Enterprise Edition v5 trial and am trying to filter out events before sending them to the SIEM. I can get some events and see them on the SIEM side, but when I create a fake event, I cannot see all of them.
What do I want? I want to forward only the Windows Server APP, SEC and SYS logs that have WARNING, ERROR and CRITICAL levels, in CEF format.
Is this part of the config correct?
Module xm_syslog
Module xm_cef
Module im_msvistalog
# For windows 2003 and earlier use the following:
# Module im_mseventlog
# Channel Security
*[System/Level<4]
*[System/Level<4]
*[System/Level<4]
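
A complete configuration for the requirement described in the post, as an added example that is not the poster's configuration or NXLog's own sample. The instance names (`eventlog`, `siem`, `eventlog_to_siem`), the UDP transport and the SIEM address 192.0.2.10:514 are assumptions; the levels are listed explicitly (1 = Critical, 2 = Error, 3 = Warning) because `Level<4` also matches Level 0.

```conf
<Extension _syslog>
    Module  xm_syslog
</Extension>

<Extension _cef>
    Module  xm_cef
</Extension>

<Input eventlog>
    Module  im_msvistalog
    # Windows event levels: 1 = Critical, 2 = Error, 3 = Warning,
    # 4 = Information, 5 = Verbose. Level 0 (LogAlways) is also a valid
    # value, so "Level<4" selects it as well. Security audit records are
    # normally written with Level 0: the explicit list below leaves them
    # out, while "Level<4" would let them through.
    # Equality tests also avoid a raw "<" inside the XML query.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Application">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
                <Select Path="Security">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
                <Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output siem>
    Module  om_udp
    # Assumed SIEM collector address (documentation range), replace as needed
    Host    192.0.2.10:514
    # Render the event as CEF, then wrap it in a BSD syslog header
    Exec    $Message = to_cef(); to_syslog_bsd();
</Output>

<Route eventlog_to_siem>
    Path    eventlog => siem
</Route>
```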