filtering items which no need

Posted: Mon Aug 17, 2015 9:28 pm
by pccwglobalit
How can I filter or delete log items that I am not sure I don't want to put on the Elasticsearch server?
For example, the following program:
\device\harddiskvolume2\program files (x86)\nxlog\nxlog.exe
The Windows Filtering Platform has permitted a connection.

Application Information:
Process ID: 1076
Application Name: \device\harddiskvolume2\program files (x86)\nxlog\nxlog.exe

Network Information:
Direction: Outbound
Source Address: 192.168.1.1
Source Port: 49157
Destination Address: 192.168.1.2
Destination Port: 3515
Protocol: 6

Filter Information:
Filter Run-Time ID: 71242
Layer Name: Connect
Layer Run-Time ID: 48

Re: filtering items which no need

Posted: Tue Aug 18, 2015 11:45 am
by tmcdonald
Are you looking to block any logs from that application, or just the "The Windows Filtering Platform has permitted a connection." message?

Either way, you can set up a filter in Log Server by going to Administration -> Global Configuration:

https://assets.nagios.com/downloads/nag ... ilters.pdf

Re: filtering items which no need

Posted: Tue Aug 18, 2015 11:54 am
by jdalrymple
More specifically - if you can write a conditional to match the events you would like to drop, the 'drop { }' filter should work for you. Something like:

# Logstash conditional: discard any event whose message matches the regex
if [message] =~ /.*has permitted a connection.*/ {
  drop { }
}
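The conditional above drops every "permitted a connection" event (Windows Event ID 5156), from every process. The following is an added example, not code from the thread or from Nagios, that narrows the drop to the nxlog.exe shipper's own connections named in the original post, and that assumes the Windows event text is carried in the Logstash [message] field; if your Log Server filter box already supplies the outer filter { } wrapper, paste only the inner conditional.

```logstash
filter {
  # Drop only the WFP "permitted a connection" audit events (Event ID 5156)
  # generated by the nxlog.exe log shipper talking to the Log Server itself.
  # The same events for every other process still reach Elasticsearch, so
  # outbound-connection audits from unexpected binaries stay visible.
  # (Regex matches on the event text; field name [message] is assumed.)
  if [message] =~ /has permitted a connection/ and [message] =~ /nxlog\.exe/ {
    drop { }
  }

  # While still unsure what to discard, tag instead of drop, then review the
  # tagged events in the Log Server dashboard before switching to drop { }.
  # if [message] =~ /has permitted a connection/ {
  #   mutate { add_tag => [ "wfp_permit" ] }
  # }
}
```

The second, commented-out block is the safer first step: it keeps the events but makes their volume and origin easy to query before anything is permanently dropped.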