2 responses

jlference
I currently have NXLog community version installed on Windows 2012 R2 server. SIEM Manager is requesting that I stop sending Windows Security Event ID 5156 traffic from server. Is this possible? Thank you.
Asked November 27, 2017 - 8:54pm

b0ti
See the User Guide about filtering.
Answered November 28, 2017 - 11:49am

Comments (1)

markus.wolfram
Here is how I usually configure the Eventlog-Input:

    <Input in>
        Module im_msvistalog
        Exec if ($EventType == 'VERBOSE') OR ($EventType == 'INFO') OR ($EventType == 'AUDIT_SUCCESS') drop();
        Exec if ($SourceName == 'Microsoft-Windows-KnownFolders' AND $EventID == 1002) drop();
    </Input>

December 15, 2017 - 11:00am
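
Applied to the question above, an added example (not posted by anyone in the thread) showing two ways to keep Event ID 5156 out of the forwarded stream with im_msvistalog. The instance name `in_filtered` is hypothetical, and the second variant assumes only the Security channel is being collected.

```conf
# Added example, not from the thread. Use ONE of the two variants, not both,
# and point your existing Route at whichever input you keep.

# Variant A: read every event, then discard 5156 inside NXLog.
# Mirrors the Exec/drop() pattern from the comment above.
<Input in>
    Module  im_msvistalog
    Exec    if $EventID == 5156 drop();
</Input>

# Variant B: ask the Windows Event Log API to suppress 5156 so the
# records never reach NXLog. This query selects the Security channel only;
# add further <Select> lines for any other channels you forward.
<Input in_filtered>
    Module  im_msvistalog
    Query   <QueryList>\
              <Query Id="0">\
                <Select Path="Security">*</Select>\
                <Suppress Path="Security">*[System[(EventID=5156)]]</Suppress>\
              </Query>\
            </QueryList>
</Input>
```

Either variant leaves the 5156 records in the local Security log, so they remain available on the server for later investigation even though the SIEM no longer receives them.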