There are a lot of nxlog permit connection messages. Can I set a filter in nxlog or logstash to drop such messages?
The Windows Filtering Platform has permitted a connection.
Application Information:
Process ID: 1788
Application Name: \device\harddiskvolume2\program files (x86)\nxlog\nxlog.exe
Network Information:
Direction: Outbound
Source Address: 192.168.99.2
Source Port: 49158
Destination Address: 192.168.99.12
Destination Port: 3515
Protocol: 6
Filter Information:
Filter Run-Time ID: 229143
Layer Name: Connect
Layer Run-Time ID: 48
how to drop nxlog connection message
- tacolover101
- Posts: 432
- Joined: Mon Apr 10, 2017 11:55 am
Re: how to drop nxlog connection message
take a look at the concept here, and apply it accordingly - https://support.nagios.com/forum/viewto ... 24#p224210
depending on how your message field looks, you could probably match something like this: Layer Name: Connect
Code:
if [message] =~ 'Start* Session* *nagios**' {
  drop {}
}
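A Logstash filter scoped to the exact event in the question, as an added example that is not part of the original posts: it drops only permitted-connection events for nxlog.exe going outbound to the log server address and port shown in the sample, so other Windows Filtering Platform events (which also carry Layer Name: Connect) still reach the index. It assumes the full event text arrives in the [message] field; the address and port are copied from the sample event and need adjusting to your environment.

```logstash
filter {
  # Added example, built from the sample event in the question.
  # Assumption: the complete Windows event text is in [message].
  #
  # Every condition must match before the event is dropped, so a
  # connection from nxlog.exe to any other host or port is still logged.
  if [message] =~ /The Windows Filtering Platform has permitted a connection/
     and [message] =~ /(?i)Application Name:[^\r\n]*\\nxlog\\nxlog\.exe/
     and [message] =~ /Direction:\s+Outbound/
     and [message] =~ /Destination Address:\s+192\.168\.99\.12\b/
     and [message] =~ /Destination Port:\s+3515\b/ {
    drop { }
  }
}
```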
Re: how to drop nxlog connection message
If you could share a screenshot of one such event in the Nagios Log Server GUI, fully expanded to show all the fields, that might be helpful for refining the filter rule a bit.
Former Nagios employee
https://www.mcapra.com/
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN