Hi,
I just want to filter the Windows event logs INFO type. I need just the warning, critical or sec logs. I set the nxlog conf file loglevel WARNING, but it was not good.
What do I need to set, and where, to filter this type of messages?
Thx!
What did you do exactly? Please share your complete NXLOG configuration.
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel WARNING
<Extension _syslog>
    Module xm_syslog
</Extension>
<Extension gelf>
    Module xm_gelf
</Extension>
<Input in>
    Module im_msvistalog
    # For windows 2003 and earlier use the following:
    # Module im_mseventlog
</Input>
<Output out>
    Module om_tcp
    Host x.x.x.x
    Port 12203
    OutputType GELF_TCP
</Output>
<Route 1>
    Path in => out
</Route>
You’ve only configured the log level which NXLOG itself is using as a threshold when writing its own log file (see LogFile setting).
If you want to filter the Events ingested from the Windows Event Log, please take a look at the NXLOG documentation for the “im_msvistalog” module at https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#im_msvistalog_config and the available meta data fields (such as $Severity or $SeverityValue) at https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#im_msvistalog_config.
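
Added example, not part of the original thread or the NXLog documentation: the configuration posted above with the filter applied in the input block, using the $SeverityValue field mentioned in the reply. It assumes the normalized severity values documented for im_msvistalog (1 DEBUG, 2 INFO, 3 WARNING, 4 ERROR, 5 CRITICAL) and leaves the Security channel unfiltered, because audit-success events are reported with INFO severity and would otherwise be dropped; the host and port are the poster's placeholders.

```conf
Pidfile  %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile  %ROOT%\data\nxlog.log
# Threshold for NXLog's own log file only; it does not filter collected events.
LogLevel WARNING

<Extension gelf>
    Module xm_gelf
</Extension>

<Input in>
    Module im_msvistalog
    # Drop DEBUG (1) and INFO (2) events from every channel except Security.
    # WARNING (3), ERROR (4) and CRITICAL (5) pass through unchanged.
    Exec if ($SeverityValue < 3 and $Channel != 'Security') drop();
</Input>

<Output out>
    Module     om_tcp
    Host       x.x.x.x
    Port       12203
    OutputType GELF_TCP
</Output>

<Route 1>
    Path in => out
</Route>
```

Dropping events on the agent means they never reach Graylog, so check which INFO-level event IDs your detections rely on before enabling the filter.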