How can I filter or delete log items which I am not sure I don't want to put on the Elasticsearch server?
For example, the following program:
\device\harddiskvolume2\program files (x86)\nxlog\nxlog.exe
The Windows Filtering Platform has permitted a connection.
Application Information:
Process ID: 1076
Application Name: \device\harddiskvolume2\program files (x86)\nxlog\nxlog.exe
Network Information:
Direction: Outbound
Source Address: 192.168.1.1
Source Port: 49157
Destination Address: 192.168.1.2
Destination Port: 3515
Protocol: 6
Filter Information:
Filter Run-Time ID: 71242
Layer Name: Connect
Layer Run-Time ID: 48
filtering items which no need
Re: filtering items which no need
Are you looking to block any logs from that application, or just the "The Windows Filtering Platform has permitted a connection." message?
Either way, you can set up a filter in Logserver by going to Administration -> Global Configuration:
https://assets.nagios.com/downloads/nag ... ilters.pdf
Former Nagios employee
jdalrymple
Re: filtering items which no need
More specifically - if you can write a conditional to match the events you would like to drop, the 'drop { }' filter should work for you. Something like:
# Drop every event whose message contains the WFP "permitted a connection" text.
if [message] =~ /.*has permitted a connection.*/ {
  drop { }
}
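A narrower version of that conditional, added here as an example and not part of jdalrymple's reply: it drops only the WFP "permitted a connection" events caused by the log shipper's own outbound connection (the nxlog.exe path and destination port 3515 from the question), so WFP events for every other process stay in Elasticsearch, where unexpected outbound connections are worth seeing. It assumes the whole event body is in [message] as in the question; the field names app_name and dest_port are my own.

```logstash
filter {
  # Only look closer at WFP "permitted a connection" events (Event ID 5156 style text).
  if [message] =~ /has permitted a connection/ {
    # Pull the two fields we need out of the multi-line body. Each pattern is
    # line-bounded, so no (?m)/dotall tricks are needed; both patterns are
    # applied because break_on_match is false.
    grok {
      match => {
        "message" => [
          "Application Name:\s+(?<app_name>[^\r\n]+)",
          "Destination Port:\s+%{NUMBER:dest_port:int}"
        ]
      }
      break_on_match => false
      tag_on_failure => ["_wfp_grok_failure"]
    }
    # Drop just the shipper's own traffic to the log server (port 3515 from the
    # question). Everything else, including other processes' outbound connections,
    # is kept, and app_name / dest_port stay on the event for searching.
    if [app_name] =~ /(?i)\\nxlog\\nxlog\.exe$/ and [dest_port] == 3515 {
      drop { }
    }
  }
}
```

Events that fail the grok (tagged _wfp_grok_failure) are deliberately not dropped, so a change in the event text shows up as a tag rather than as silently lost logs.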