Filtering eventlog with GELF_TCP - no information, no errors in log
Hello folks, for weeks I have been trying to get filtered information from a domain controller, but I don't get the right information. If I choose the event IDs I want to get, no input arrives on the Graylog side, but if I select * from Application, Security or System, all the messages come through. But I don't want that. I only want add, modify, delete account, for example. How do I have to do that? Here is one of my spectacular config files with filters:
https://pastebin.com/cptCmt9e
And that's the simple working one:
https://pastebin.com/aXt5waFT
I suspect there is an issue with the first. Did you check nxlog.log if there are any errors with the first query?
You can replace om_tcp with om_file and check what's written in the file. It will be the same as what would be sent to Graylog.
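A sketch of the debugging setup suggested in the reply, added here as an example and not taken from either pastebin config: an im_msvistalog input restricted to account-management events, routed to om_file instead of om_tcp. The instance names, the output path and the choice of event IDs (4720 account created, 4738 account changed, 4726 account deleted) are assumptions.

```conf
# Added example. Instance names and the file path are assumptions.
<Extension gelf>
    Module      xm_gelf
</Extension>

<Input eventlog>
    Module      im_msvistalog
    # Only the Security channel is queried; the XPath filter keeps
    # 4720 (created), 4738 (changed) and 4726 (deleted) user account events.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(EventID=4720 or EventID=4738 or EventID=4726)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Temporary stand-in for the om_tcp output while testing the filter.
# OutputType stays GELF_TCP so the file holds what would go to Graylog.
<Output debugfile>
    Module      om_file
    File        'C:\temp\nxlog_debug.out'
    OutputType  GELF_TCP
</Output>

<Route debug>
    Path        eventlog => debugfile
</Route>
```

If the file stays empty after a matching event is generated on the domain controller, nxlog.log is the place to look for a query error; once records appear in the file, the Output block can be switched back to om_tcp.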