im_msvistalog --> Exec if or drop statement understanding problem


#1 hkrischeu

Hi,

I am using this code snippet

<Input EventLOG>
    Module im_msvistalog
    Exec if ($TargetUserName == 'SYSTEM') OR ($EventType == 'VERBOSE') drop();
</Input>

This is working fine with my nx-Client on Windows 11. It pushes notifications to my Debian server with an rsyslog server installed.

But I want to have some specific IDs from the Windows Eventlog (e.g. 5013, 10016, 4616, 6869).

Can anybody point me to the right way?


Thanks in advance for any help.


Heinz


#2 hkrischeu

I tested it with this … but when I start the Windows time service, which creates event ID 35 / 37, no log is created.

<Input EventLOG>
    Module im_msvistalog
    Exec if not ($EventID in (37,4616,158,64,7040,17,12345,22222)) drop();
</Input>
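An added example, not from either post, of selecting specific event IDs at collection time with im_msvistalog's QueryXML directive instead of dropping everything else in Exec; which channel each ID lands in (35/37 and 7040 in System, 4616 in Security) is my assumption, and the other IDs from the first post would be added to the Select for whichever channel logs them:

```nxlog
<Input EventLOG>
    Module  im_msvistalog
    # Select only the wanted event IDs at the source, so the module never
    # reads the rest and no per-event drop() is needed for them.
    # Channel assignment is an assumption: time-service events 35/37 and
    # event 7040 are expected in System, event 4616 in Security.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="System">*[System[(EventID=35 or EventID=37 or EventID=7040)]]</Select>
                <Select Path="Security">*[System[(EventID=4616)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
    # Post-filter kept from the first post: drop SYSTEM-account and verbose events.
    Exec if ($TargetUserName == 'SYSTEM') or ($EventType == 'VERBOSE') drop();
</Input>
```

Once the configuration is reloaded, starting the Windows Time service should produce events 35/37 from the System channel that pass through to the output; further IDs are added as extra EventID= terms in the Select for their channel.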