Filtering eventlog with GELF_TCP - no information, no errors in log

#1 Fl0w

Hello folks, for weeks I have been trying to get filtered information from a domain controller, but I don't get the right information. If I choose the Event IDs I want to get, no input arrives on the Graylog side, but if I select * from Application, Security or System, all the messages arrive. But I don't want that; I only want add, modify, delete account, for example. How do I have to do that? Here is one of my spectacular config files with filters:

https://pastebin.com/cptCmt9e

and that's the simple working one

https://pastebin.com/aXt5waFT

#2 b0ti Nxlog ✓
#1 Fl0w
Hello folks, for weeks I have been trying to get filtered information from a domain controller, but I don't get the right information. If I choose the Event IDs I want to get, no input arrives on the Graylog side, but if I select * from Application, Security or System, all the messages arrive. But I don't want that; I only want add, modify, delete account, for example. How do I have to do that? Here is one of my spectacular config files with filters: https://pastebin.com/cptCmt9e and that's the simple working one https://pastebin.com/aXt5waFT

I suspect there is an issue with the first. Did you check nxlog.log to see if there are any errors with the first query?

You can replace om_tcp with om_file and check what's written in the file. It will be the same as what would be sent to Graylog.
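As an added example (not one of the poster's pastebin files and not from the NXLog project), this is the shape a filtered im_msvistalog input takes, with the GELF_TCP output and the om_file output b0ti suggests for debugging wired into the same route, so the file shows exactly what Graylog would receive. The Graylog host and port, the file path and the choice of Event IDs are assumptions: 4720, 4738 and 4726 are the Windows Security events for "user account created", "user account changed" and "user account deleted", which is the add/modify/delete account case from the question.

```apacheconf
# Added example configuration; host, port, path and Event IDs are assumptions.
<Extension gelf>
    Module  xm_gelf
</Extension>

<Input eventlog>
    Module  im_msvistalog
    # Only the listed Security events are pulled; everything else is dropped
    # by the Event Log service before NXLog ever sees it.
    <QueryXML>
        <QueryList>
            <Query Id='0'>
                <Select Path='Security'>*[System[(EventID=4720 or EventID=4738 or EventID=4726)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output graylog>
    Module      om_tcp
    Host        192.0.2.10          # assumed Graylog address
    Port        12201               # assumed GELF TCP input port
    OutputType  GELF_TCP
</Output>

# Debug output: same GELF_TCP encoding, written to a local file instead.
<Output debugfile>
    Module      om_file
    File        'C:\Program Files (x86)\nxlog\data\filtered.log'
    OutputType  GELF_TCP
</Output>

<Route r>
    Path  eventlog => graylog, debugfile
</Route>
```

Two checks worth doing before blaming the transport: paste the same QueryList XML into the XML tab of an Event Viewer custom view on the domain controller and confirm it returns events at all (if the matching audit subcategory is not enabled, there is nothing to forward and both NXLog and Graylog will stay silent without logging an error), and watch filtered.log while creating a test account; if the file fills but Graylog stays empty, the problem is on the Graylog input side, not in the query.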