Can someone tell me how to configure nxlog.conf to forward only selected Security event ID log entries?
My conf currently is:
<Input eventlog>
Module im_msvistalog
SavePos TRUE
Query <QueryList>\
<Query Id="0">\
<Select Path="Application">*</Select>\
<Select Path="System">*</Select>\
<Select Path="Security">*</Select>\
</Query>\
</QueryList>
Exec to_json();
</Input>
I have come across https://nxlog.co/question/2401/filterin ... -nxlogconf and this https://www.reddit.com/r/sysadmin/comme ... ff_events/ but I am having problems getting either syntax right.
Thanks
nxlog.conf filter by eventID
Re: nxlog.conf filter by eventID
Old thread with an implementation:
https://support.nagios.com/forum/viewto ... 0&p=206924
This drops all but the matching event IDs. If you want to include/exclude specific ones, you'd just alter the regex match.
The drop() should occur before your to_json().
Former Nagios employee
https://www.mcapra.com/
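An added example, not taken from the linked thread or written by either poster: the Input block from the question with the Security channel limited to a sample set of event IDs (4624, 4625 and 4740 are chosen here only for illustration). It shows the drop()-before-to_json() ordering described above, scoped with the $Channel field so that Application and System events still pass, followed by the equivalent filter written as an XPath predicate in the Query. The names `eventlog_drop` and `eventlog_xpath` are assumptions; use one of the two inputs, not both.

```conf
# to_json() is provided by the xm_json extension.
<Extension json>
    Module  xm_json
</Extension>

# Variant 1: read all three channels, then drop unwanted Security events.
<Input eventlog_drop>
    Module  im_msvistalog
    SavePos TRUE
    Query   <QueryList>\
                <Query Id="0">\
                    <Select Path="Application">*</Select>\
                    <Select Path="System">*</Select>\
                    <Select Path="Security">*</Select>\
                </Query>\
            </QueryList>
    # Exec directives run in order: drop first, so discarded events are never
    # serialized. The anchors (^ and $) stop 4624 from also matching 14624.
    # Without the $Channel test, Application and System events would be
    # dropped as well, because their IDs are not in the list.
    Exec    if ($Channel == 'Security' and string($EventID) !~ /^(4624|4625|4740)$/) drop();
    Exec    to_json();
</Input>

# Variant 2: filter at the source, so the Windows Event Log API only returns
# the listed Security event IDs and nothing has to be dropped afterwards.
<Input eventlog_xpath>
    Module  im_msvistalog
    SavePos TRUE
    Query   <QueryList>\
                <Query Id="0">\
                    <Select Path="Application">*</Select>\
                    <Select Path="System">*</Select>\
                    <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4740)]]</Select>\
                </Query>\
            </QueryList>
    Exec    to_json();
</Input>
```

The Output and Route sections are unchanged from the existing configuration; the Route must reference whichever input name is kept.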
Re: nxlog.conf filter by eventID
@billy_strath let us know if you have any problems implementing what @mcapra linked to.