Restrict sending Windows logs to Graylog | Log Collection Solutions

Post a different question

3
responses

romuloforato's picture

romuloforato

Dear Friends
How can I restrict sending records from windows? For example:
From Eventviewer, I want to select only id "5145" regarding deleting files and folders...
For I am receiving a very large amount of messages that I do not need.

I ask for your help.
Thank you.

AskedFebruary 15, 2022 - 1:37pm

Answer (1)

jeffron's picture

jeffron

HI Romulo.,

One way to achieve this will be to filter out every other event. Consider the output module below.

<Output select_only_event_5145_to_GrayLog>
   Module om_udp
   Host 192.168.43.29:12201
   OutputType GELF_UDP
   Exec    if not ($EventID = 5145) drop();
</Output>

AnsweredFebruary 21, 2022 - 10:13am

Leave a comment

Comments (2)

romuloforato
Leave a comment
Hi Jeffron,

thanks for your reply.
And in this case, if I want to add some more event to this filter, like login events, is that also possible?

February 22, 2022 - 1:45pm

jeffron (NXLog)
Leave a comment
Hi Romulo,

Yes, you can filter out events using any id or other properties as well. kindly review the documentation via the link below for more details

https://nxlog.co/documentation/nxlog-user-guide/filtering.html

March 3, 2022 - 9:47am