Log filter type

(Andras Klambauer) #1


I just want to filter out the Windows event logs of INFO type. I need just the warning, critical or sec logs. I set the nxlog conf file loglevel to WARNING, but it was not good.
What do I need to set, and where, to filter this type of message?


(Jochen) #2

What did you do exactly? Please share your complete NXLOG configuration.

(Andras Klambauer) #3
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension gelf>
    Module      xm_gelf
</Extension>

<Input in>
    Module      im_msvistalog
# For windows 2003 and earlier use the following:
#   Module      im_mseventlog
</Input>

<Output out>
    Module      om_tcp
    Host        x.x.x.x
    Port        12203
    OutputType  GELF_TCP
</Output>

<Route 1>
    Path        in => out
</Route>

(Jochen) #4

You’ve only configured the log level which NXLOG itself is using as a threshold when writing its own log file (see LogFile setting).

If you want to filter the Events ingested from the Windows Event Log, please take a look at the NXLOG documentation for the “im_msvistalog” module at https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#im_msvistalog_config and the available meta data fields (such as $Severity or $SeverityValue) at https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#im_msvistalog_config.
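
One way to apply the filtering described in the reply above, as an added example that is not part of the original thread or the NXLog documentation. It reuses the Host, Port and module names from the posted configuration. Reading "sec logs" as the Security channel is an assumption, and so is exempting that channel from the threshold.

```conf
# Added example: drop low-severity Windows events inside the input block.
# The global LogLevel directive is not involved; it only controls what
# NXLog writes about itself to its own LogFile.

<Extension gelf>
    Module      xm_gelf
</Extension>

<Input in>
    Module      im_msvistalog
    # $SeverityValue is normalized by im_msvistalog:
    #   1=DEBUG  2=INFO  3=WARNING  4=ERROR  5=CRITICAL
    # Security audit-success events are mapped to INFO (2), so a plain
    # severity threshold would discard successful logons and similar
    # audit records. The Security channel is therefore exempted here
    # (assumption about what "sec logs" means in the question).
    Exec        if ($SeverityValue < 3 and $Channel != 'Security') drop();
</Input>

<Output out>
    Module      om_tcp
    Host        x.x.x.x
    Port        12203
    OutputType  GELF_TCP
</Output>

<Route 1>
    Path        in => out
</Route>
```

Dropped events are discarded on the agent and never reach the collector, so check the threshold against what detection rules downstream expect to see before rolling it out.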

(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.