NXLog search
Let's talk Start free
Let's talk Start free

Exclude Windows logs based on process name

Tags: NXLog Community Edition
#1 Alper Demir

I am sending Windows logs to Graylog via nxlog community edition, but certain processes are generating so much logs that I'd rather not send at all, so I'm trying to figure out how to modify nxlog config to exclude logs with specific terms or generated by a specific process using the “ProcessName” field for example. any help would be appreciated.

Permalink
#2 laszlofoldesiDeactivated Nxlog ✓ (Last updated )
#1 Alper Demir
I am sending Windows logs to Graylog via nxlog community edition, but certain processes are generating so much logs that I'd rather not send at all, so I'm trying to figure out how to modify nxlog config to exclude logs with specific terms or generated by a specific process using the “ProcessName” field for example. any help would be appreciated.

Hello Alper!

 

Thanks to contacted with us.

With the drop(); function you have option to exclude the unneccesary events.

Here is an example :

<Input in>
    Module  im_msvistalog
    Exec    if ($TargetUserName == 'SYSTEM') OR \
               ($EventType == 'VERBOSE') drop();
</Input>

I assume you are using the im_msvistalog module, so please also check the module description:

https://docs.nxlog.co/ce/current/index.html#im_msvistalog

In here you can find all field names what you can use for filtering.

For more information about the NXLog languange please read this:
https://docs.nxlog.co/ce/current/index.html#ref-lang

Regards 

Laszlo
Login to see more