Windows event security log

Forward · December 27, 2018, 4:06pm

Hi Guys,

I have succesfully configured graylog with windows server using nxlog, but I would like to send only securty event concern a specific user.

What are the parameters that I can use?

Here you a part of nxlog.conf file

Module im_msvistalog

Query   <QueryList>\
        		<Query Id="0">\
        		<Select Path="Security">*[System[(EventID=4625)]]</Select>\
			<Select Path="Security">*[System[(EventID=4624)]]</Select>\
		<Select Path="Security">*[System[(EventID=4634)]]</Select>\
		</Query>\
       	</QueryList>

Thanks in advange
Bye
Paolo

system · January 10, 2019, 4:06pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sending the desired logs via e-mail in Graylog Graylog Central (peer support) nxlog , winlogbeat	2	431	December 27, 2022
Queries not working properly? Graylog Central (peer support)	3	1710	May 14, 2018
AD failed log on stream Graylog Central (peer support)	5	2316	January 3, 2018
Attaching Alerts to Events Graylog Central (peer support)	10	1100	January 4, 2018
Graylog 3.2 alerts Graylog Central (peer support)	2	382	March 25, 2020

Windows event security log

Related Topics