Event Log Types
Hello! I an having trouble finding documentation on how/where I would alter the config files to forward all windows logs. I can setup the config to forward logs, which was simple, but specifying which logs to forward is where I am stuck
Jacob,
I think knowing a little more about what you are trying to accomplish could be useful.
From what you wrote, I believe you are wanting to filter your input so that only some of it is sent?
For Microsoft Event Log entries, you are able to filter based on any of the fields available.
This can include $Channel, $EventID, etc. You can also tweak your query so that it only returns a specific channel to begin with.
https://nxlog.co/documentation/nxlog-user-guide/windows-eventlog.html
The first example in the following link will show you how to ignore events that are not a part of an EventID list that you want to keep.
https://nxlog.co/documentation/nxlog-user-guide/ad-domain-controller.html