Comments (2)
Thanks for your reply.
What I need to know is how to filter logon events from an administrator logon. I already make use of the QueryList statement to filter Win events, but I cannot discriminate between regular users and administrators.
I am wondering if nxlog has a function to help with my problem.
Thanks.
I think there is no way to do this automatically in an easy way. The main filtering logic would be something like this, though:
if $AccountName NOT IN ("Administrator1", "Administrator2") drop();
Hope that helps.
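The reply above keeps only logons whose account name is on a fixed list. The following is an added example, not code from the forum post or from the nxlog project: it runs that same list-based filter offline over a few constructed Security-log records in the newline-delimited JSON shape nxlog's im_msvistalog module emits with to_json(), and additionally correlates each 4624 logon with Event ID 4672 ("Special privileges assigned to new logon", which Windows writes with the same Logon ID when a logon is granted sensitive privileges), so that an admin-level logon is kept even if its account is missing from the list. Assumptions: the field name AccountName is taken from the reply (in im_msvistalog output the 4624 field is commonly TargetUserName, so adjust to your field names), the Logon ID fields are TargetLogonId on 4624 and SubjectLogonId on 4672, the admin account list is hypothetical, and all sample values are invented.

```python
"""Filter Windows logon events down to administrator logons.

Added example, not code from the nxlog forum post: the static
account-list filter suggested in the reply, plus a correlation with
Event ID 4672 so that any logon that received admin-level privileges
is kept even if the account is not on the list.
"""
import json

# Constructed sample records (values invented) in the JSON shape nxlog's
# im_msvistalog module emits after to_json(). Field names are assumptions:
# AccountName as used in the post, TargetLogonId on 4624, SubjectLogonId on 4672.
SAMPLE_LOG = "\n".join([
    json.dumps({"EventID": 4624, "AccountName": "jdoe", "TargetLogonId": "0x3e7a1", "LogonType": 2}),
    json.dumps({"EventID": 4624, "AccountName": "Administrator1", "TargetLogonId": "0x3e7b2", "LogonType": 10}),
    json.dumps({"EventID": 4672, "AccountName": "Administrator1", "SubjectLogonId": "0x3e7b2"}),
    json.dumps({"EventID": 4624, "AccountName": "svc_backup", "TargetLogonId": "0x3e7c3", "LogonType": 5}),
    json.dumps({"EventID": 4672, "AccountName": "svc_backup", "SubjectLogonId": "0x3e7c3"}),
    json.dumps({"EventID": 4624, "AccountName": "administrator2", "TargetLogonId": "0x3e7d4", "LogonType": 3}),
    json.dumps({"EventID": 4634, "AccountName": "jdoe", "TargetLogonId": "0x3e7a1"}),
])

# Hypothetical admin list, mirroring the names used in the reply.
ADMIN_ACCOUNTS = {"Administrator1", "Administrator2"}


def parse_events(text):
    """Parse newline-delimited JSON; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def privileged_logon_ids(events):
    """Logon IDs that were granted sensitive privileges (Event ID 4672)."""
    return {e["SubjectLogonId"] for e in events
            if e.get("EventID") == 4672 and "SubjectLogonId" in e}


def is_admin_logon(event, admin_accounts, privileged_ids):
    """True for a 4624 logon whose account is on the admin list (compared
    case-insensitively, as Windows account names are) or whose Logon ID
    also appears in a 4672 event."""
    if event.get("EventID") != 4624:
        return False
    names = {a.casefold() for a in admin_accounts}
    if event.get("AccountName", "").casefold() in names:
        return True
    return event.get("TargetLogonId") in privileged_ids


def filter_admin_logons(text, admin_accounts=ADMIN_ACCOUNTS):
    """Return the 4624 events that are administrator logons, in log order.
    Everything else (non-admin 4624s, 4672s, logoffs) is dropped."""
    events = parse_events(text)
    priv = privileged_logon_ids(events)
    return [e for e in events if is_admin_logon(e, admin_accounts, priv)]


if __name__ == "__main__":
    for e in filter_admin_logons(SAMPLE_LOG):
        print(e["EventID"], e["AccountName"], e["TargetLogonId"])
```

On the sample data this keeps Administrator1 and administrator2 via the list and svc_backup via its matching 4672, and drops jdoe. Note that the 4672 correlation needs to remember Logon IDs across events; nxlog's Exec block as quoted in the reply evaluates one event at a time, so in a live pipeline that state would have to be kept explicitly, whereas the plain list comparison maps directly onto the reply's one-line filter.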