im_msvistalog --> Exec if or drop statement understanding problem


hkrischeu

Hi,

I am using this code snippet:

<Input EventLOG>
    Module im_msvistalog
    Exec if ($TargetUserName == 'SYSTEM') OR ($EventType == 'VERBOSE') drop();
</Input>

This is working fine with my nx-Client on Windows 11. It pushes notifications to my Debian server, which has an rsyslog server installed.

But I want to have some specific IDs from the Windows Eventlog (e.g. 5013, 10016, 4616, 6869).

Can anybody point me to the right way?

Thanks in advance for any help.

Heinz