Drop Win Event message based on text file content

habrosec

I'm attempting to use NXLog (community edition atm) to read Active Directory logs into NXLog and output to syslog/json. I have a text file (one username per line) that I need to be able to compare to the username in the Windows event logs from AD. I need to be able to drop messages if the username in the Windows AD event logs matches a username in the text file of usernames.

I've spent quite a bit of time googling and reading documentation and haven't found a method to achieve this. Can anyone assist?