Filtering specific event-ids for windows at nxlog

hamendra · December 24, 2019, 6:14am

Hi All,

I am new to Graylog. I need help for filtering logs at nxlog for specific eventids only.
below is the current conf file stuff at my nxlog:

…………………………………………………………………………………………………………

This is a sample configuration file. See the nxlog reference manual about the

configuration options. It should be installed locally and is also available

online at http://nxlog.org/docs/

Please set the ROOT to the folder your nxlog was installed into,

otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

Module xm_syslog Module im_msvistalog # For windows 2003 and earlier use the following: # Module im_mseventlog Module om_tcp Host 0.0.0.0 Port 514 Exec to_syslog_snare();

<Route 1>
Path in => out

………………………………………………………………………….

jan · December 24, 2019, 7:22am

you might want to format your code to make it better readable plus you might want to add your question?

system · January 7, 2020, 7:31am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Advanced XML filtering in Nxlog for Windows Events to help reduce noise on GrayLog Graylog Central (peer support) sidecar , nxlog , nodatanx	3	6000	October 12, 2018
How to filter eventlog and forward to graylog Graylog Central (peer support) sidecar , nxlog , nodatanx	4	3578	August 22, 2018
NXLog to Gray Log Graylog Central (peer support) sidecar , nxlog , nodatanx	6	1206	February 4, 2020
Log filter type Graylog Central (peer support) sidecar , nxlog , nodatanx	4	1078	May 30, 2018
Windows Server NXLog - Graylog Graylog Central (peer support) sidecar , nxlog , nodatanx	3	9112	August 2, 2018