Filtering specific event-ids for windows at nxlog

hamendra · December 24, 2019, 6:14am

Hi All,

I am new to Graylog. I need help for filtering logs at nxlog for specific eventids only.
below is the current conf file stuff at my nxlog:

…………………………………………………………………………………………………………

This is a sample configuration file. See the nxlog reference manual about the

configuration options. It should be installed locally and is also available

online at http://nxlog.org/docs/

Please set the ROOT to the folder your nxlog was installed into,

otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

Module xm_syslog Module im_msvistalog # For windows 2003 and earlier use the following: # Module im_mseventlog Module om_tcp Host 0.0.0.0 Port 514 Exec to_syslog_snare();

<Route 1>
Path in => out

………………………………………………………………………….

jan · December 24, 2019, 7:22am

you might want to format your code to make it better readable plus you might want to add your question?

system · January 7, 2020, 7:31am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Advanced XML filtering in Nxlog for Windows Events to help reduce noise on GrayLog Graylog Central (peer support) sidecar , nxlog , nodatanx	3	5897	October 12, 2018
Specific windows events log (EventID 104 etc) not arriving Graylog Central (peer support) sidecar , nxlog , nodatanx	7	3594	July 31, 2017
Missing some event viewer logs Graylog Central (peer support) sidecar , nxlog , nodatanx	8	2020	April 23, 2019
Sedecar and nxlog - filtering windows events - severitz Graylog Central (peer support)	9	2955	June 26, 2017
How to get the customized logs for windows Graylog Central (peer support) sidecar , nxlog , filebeat-windows , nodatanx	15	3787	July 3, 2017