Windows event security log

Forward · December 27, 2018, 4:06pm

Hi Guys,

I have succesfully configured graylog with windows server using nxlog, but I would like to send only securty event concern a specific user.

What are the parameters that I can use?

Here you a part of nxlog.conf file

Module im_msvistalog

Query   <QueryList>\
        		<Query Id="0">\
        		<Select Path="Security">*[System[(EventID=4625)]]</Select>\
			<Select Path="Security">*[System[(EventID=4624)]]</Select>\
		<Select Path="Security">*[System[(EventID=4634)]]</Select>\
		</Query>\
       	</QueryList>

Thanks in advange
Bye
Paolo

system · January 10, 2019, 4:06pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Windows Event Log - Security Graylog Central (peer support)	3	2126	July 1, 2019
Filtering specific event-ids for windows at nxlog Graylog Central (peer support) sidecar , nxlog , nodatanx	2	1417	January 7, 2020
How to filter eventlog and forward to graylog Graylog Central (peer support) sidecar , nxlog , nodatanx	4	3578	August 22, 2018
Windows Server NXLog - Graylog Graylog Central (peer support) sidecar , nxlog , nodatanx	3	9112	August 2, 2018
Specific windows events log (EventID 104 etc) not arriving Graylog Central (peer support) sidecar , nxlog , nodatanx	7	3633	July 31, 2017

Windows event security log

Related topics