Restrict sending Windows logs to Graylog

#1 romuloforato

Dear friends, how can I restrict sending records from Windows? For example: from Event Viewer, I want to select only ID "5145" regarding deleting files and folders... For I am receiving a very large amount of messages that I do not need.

I ask for your help. Thank you.

#2 jeffron Nxlog ✓

Hi Romulo,

One way to achieve this will be to filter out every other event. Consider the output module below.

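<Output select_only_event_5145_to_GrayLog>
   Module om_udp
   Host 192.168.43.29:12201
   # GELF_UDP is provided by the xm_gelf extension, which must be loaded
   OutputType GELF_UDP
   # Drop everything except Event ID 5145 ("==" compares; "=" is assignment)
   Exec    if not ($EventID == 5145) drop();
</Output>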
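
The same restriction can also be applied at the input, so that events other than 5145 are never read from the Windows Event Log instead of being read and then dropped. This is an added example, not part of the original posts: the instance names and the choice of the Security channel are assumptions, and the host and port are the ones used in the reply above.

```apache
# Added example. The instance names (gelf, security_5145, graylog,
# security_to_graylog) are illustrative and can be changed freely.

# xm_gelf provides the GELF_UDP output type used below.
<Extension gelf>
    Module      xm_gelf
</Extension>

<Input security_5145>
    Module      im_msvistalog
    # Assumption: Event ID 5145 is read from the Security channel.
    # Only events matching this query are collected at all.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(EventID=5145)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output graylog>
    Module      om_udp
    Host        192.168.43.29:12201
    OutputType  GELF_UDP
</Output>

# Connect the filtered input to the Graylog output.
<Route security_to_graylog>
    Path        security_5145 => graylog
</Route>
```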