Hi,

I am using this code snipping

<Input EventLOG>Module im_msvistalogExec if ($TargetUserName == 'SYSTEM') OR ($EventType == 'VERBOSE') drop();</Input>

This is working fine with my nx-Client at Windows 11. It push notification at my debian server with installed rsyslog server.

But I want to have some specific ID´s from Windows Eventlog.( e.g. 5013, 10016, 4616, 6869)

Can anybody point me to the right way?

Thanks in Advance for every help.

Heinz