Request trial
Request Trial

Log filtering by event ID?

Tags:
#1 dmm3369

Hi,

We are testing NXlog to ship the security logs to our security team.  We are using XP embedded and it working fine.  Security is asking us to only send specific event ID's.  I have looked at the documentation and it appears that we may not be able to do this with XP.  I was going to do the custom view but XP does not support that. We are supported on the embedded version of XP.

My question.  Has anyone tried to do this with XP or is it even possible?

Thanks,
David Martin

 

Permalink
#2 adm Nxlog ✓
#1 dmm3369
Hi, We are testing NXlog to ship the security logs to our security team.  We are using XP embedded and it working fine.  Security is asking us to only send specific event ID's.  I have looked at the documentation and it appears that we may not be able to do this with XP.  I was going to do the custom view but XP does not support that. We are supported on the embedded version of XP. My question.  Has anyone tried to do this with XP or is it even possible? Thanks, David Martin  

The crimson EventLog API is only available after Windows Vista and later so it is not possible to use XML filters in im_mseventlog but the traditional NXLog style filtering works across all modules so you can do this:

Exec if $EventID NOT IN (42, 142, 4242) drop();
Login to see more

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS