Windows event security log


(Paolo) #1

Hi Guys,

I have succesfully configured graylog with windows server using nxlog, but I would like to send only securty event concern a specific user.

What are the parameters that I can use?

Here you a part of nxlog.conf file

Module im_msvistalog
Query   <QueryList>\
        		<Query Id="0">\
        		<Select Path="Security">*[System[(EventID=4625)]]</Select>\
			<Select Path="Security">*[System[(EventID=4624)]]</Select>\
		<Select Path="Security">*[System[(EventID=4634)]]</Select>\
		</Query>\
       	</QueryList>

Thanks in advange
Bye
Paolo


(system) closed #2

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.