Log filter type


(Andras Klambauer) #1

Hi,

I just want to filter the Windows event logs of INFO type. I need just the warning, critical or sec logs. I set LogLevel WARNING in the nxlog conf file, but it was not good.
What do I need to set, and where, to filter this type of message?

Thx!


(Jochen) #2

What did you do exactly? Please share your complete NXLOG configuration.


(Andras Klambauer) #3
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel WARNING

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension gelf>
    Module      xm_gelf
</Extension>

<Input in>
    Module      im_msvistalog
# For windows 2003 and earlier use the following:
#   Module      im_mseventlog
</Input>

<Output out>
    Module      om_tcp
    Host        x.x.x.x
    Port        12203
    OutputType  GELF_TCP
</Output>
 

<Route 1>
    Path        in => out
</Route>

(Jochen) #4

You’ve only configured the log level which NXLOG itself is using as a threshold when writing its own log file (see LogFile setting).

If you want to filter the events ingested from the Windows Event Log, please take a look at the NXLOG documentation for the “im_msvistalog” module at https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#im_msvistalog_config and the available metadata fields (such as $Severity or $SeverityValue) at https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#im_msvistalog_config.
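
An added example, not part of the original thread and not taken from the NXLog project: one way to apply the $SeverityValue filter described in #4 to the configuration from #3. It assumes "sec logs" means the Windows Security channel; only the Input block changes, the Extension, Output and Route blocks stay as posted.

```conf
# Replacement for the <Input in> block of the configuration in post #3.
# The global "LogLevel WARNING" line only affects nxlog.log and can stay as it is.
<Input in>
    Module      im_msvistalog
# For windows 2003 and earlier use the following:
#   Module      im_mseventlog

    # im_msvistalog normalizes the Windows event level into $SeverityValue:
    #   1 = DEBUG     (Windows "Verbose")
    #   2 = INFO      (Windows "Information" and "Audit Success")
    #   3 = WARNING
    #   4 = ERROR     (Windows "Error" and "Audit Failure")
    #   5 = CRITICAL
    #
    # Drop everything below WARNING, except events from the Security channel.
    # Audit Success records (successful logons, privilege use, account changes)
    # are reported as INFO, so a plain severity threshold would silently discard
    # most of the Security log. Exempting the channel keeps those records.
    # Assumption: the security events of interest are in the channel named 'Security'.
    Exec        if ($SeverityValue < 3 and $Channel != 'Security') drop();
</Input>
```

After restarting the NXLog service, a quick check is to search the Graylog input for events with a Severity of INFO whose Channel is not Security; none should arrive.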


(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.