Nxlog CE agent forwarding all Windows Events despite the query level filter
Olistra
Hello everybody,
I'm trying to filter the Windows event log by severity/level, keeping only warning to critical, so levels 1 to 3.
Unfortunately, I tried several configurations, but the agent is still forwarding all the events, as if there were no filters.
My specifications are: NXLog CE agent (version 2.10.2102) on Windows 10 64-bit build 1803, with this conf:
Panic Soft
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
Module xm_syslog
Module im_msvistalog
*[System[(Level=1 or Level=2 or Level=3)]]
*[System[(Level=1)]]
*[System[(Level=1 or Level=2 or Level=3)]]
*[System[(Level=1 or Level=2 or Level=3)]]
Module pm_buffer
MaxSize 102400
Type disk
Module om_tcp
Host X.X.X.X
Port 514
Exec to_syslog_snare();
Path eventlog => buffer => out
Am I missing something? Did something change recently in the syntax?
Thanks for your help.
Best regards :)