Restrict sending Windows logs to Graylog

#1 romuloforato

Dear Friends, how can I restrict sending records from Windows? For example: from Event Viewer, I want to select only ID "5145" regarding deleting files and folders... because I am receiving a very large amount of messages that I do not need.

I ask for your help. Thank you.

#2 jeffron Nxlog ✓
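Hi Romulo, one way to achieve this will be to filter out every other event. Consider the output module below.

    <Output out>
        # Instance name "out" is an arbitrary label
        Module      om_udp
        Host        192.168.43.29:12201
        OutputType  GELF_UDP
        # Drop every event whose EventID is not 5145 (== compares; = would assign)
        Exec        if not ($EventID == 5145) drop();
    </Output>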
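An alternative that filters at the source instead of in the output, as an added example that is not part of the original posts: the im_msvistalog input takes an XPath query, so only event 5145 is read from the Windows Event Log in the first place. It assumes the collector is NXLog running on the Windows host and that 5145 is read from the Security channel; the instance names (gelf, eventlog, graylog, eventlog_to_graylog) are arbitrary labels chosen here.

```apache
# Added example. GELF_UDP output requires the xm_gelf extension to be loaded.
<Extension gelf>
    Module      xm_gelf
</Extension>

<Input eventlog>
    Module      im_msvistalog
    # The query is evaluated by the Windows Event Log API, so events that
    # do not match are never handed to NXLog and cost no processing.
    Query       <QueryList>\
                    <Query Id="0">\
                        <Select Path="Security">*[System[(EventID=5145)]]</Select>\
                    </Query>\
                </QueryList>
</Input>

<Output graylog>
    Module      om_udp
    # Same Graylog GELF UDP input as in the answer above
    Host        192.168.43.29:12201
    OutputType  GELF_UDP
    # No drop() needed here: everything reaching this output is already 5145.
</Output>

<Route eventlog_to_graylog>
    Path        eventlog => graylog
</Route>
```

To forward more than one event ID, extend the XPath with `or`, for example `*[System[(EventID=5145 or EventID=4663)]]`, where 4663 is only a sample second ID.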