how to drop nxlog connection message

pccwglobalit
Posts: 105
Joined: Wed Mar 11, 2015 9:00 pm

how to drop nxlog connection message

Post by pccwglobalit »

There are a lot of nxlog permit connection messages. Can I set a filter in nxlog or logstash to drop such messages?
The Windows Filtering Platform has permitted a connection.

Application Information:
Process ID: 1788
Application Name: \device\harddiskvolume2\program files (x86)\nxlog\nxlog.exe

Network Information:
Direction: Outbound
Source Address: 192.168.99.2
Source Port: 49158
Destination Address: 192.168.99.12
Destination Port: 3515
Protocol: 6

Filter Information:
Filter Run-Time ID: 229143
Layer Name: Connect
Layer Run-Time ID: 48
tacolover101
Posts: 432
Joined: Mon Apr 10, 2017 11:55 am

Re: how to drop nxlog connection message

Post by tacolover101 »

take a look at the concept here, and apply it accordingly - https://support.nagios.com/forum/viewto ... 24#p224210

if [message] =~ 'Start* Session* *nagios**' {
  drop {}
}
Depending on how your message field looks, you could probably match something like this: Layer Name: Connect
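
An added example, not part of the original posts: a Logstash filter narrowed to the event quoted in the question. It matches on the application path and destination port rather than on the layer name alone, so permitted-connection events from other processes are kept. It assumes the event text arrives in the [message] field, as in the snippet above, and that 3515 is the log server input port shown in the sample event; the tag name is made up for illustration.

```logstash
filter {
  # Assumption: the full Windows event text is in [message].
  # All three patterns must match before the event is tagged:
  #   1. it is a "permitted a connection" event from the Windows Filtering Platform
  #   2. the application is nxlog.exe (path compared case-insensitively)
  #   3. the destination port is 3515, the port in the sample event
  if [message] =~ /Windows Filtering Platform has permitted a connection/ and
     [message] =~ /(?i)Application Name:\s+.*\\nxlog\\nxlog\.exe/ and
     [message] =~ /Destination Port:\s+3515\b/ {
    # Hypothetical tag name, used only to separate matching from dropping.
    mutate { add_tag => ["nxlog_self_connection"] }
  }

  # While testing, comment out this block and search for the tag in the GUI
  # to confirm that only the intended events are selected.
  if "nxlog_self_connection" in [tags] {
    drop { }
  }
}
```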
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: how to drop nxlog connection message

Post by mcapra »

If you could share a screenshot of one such event in the Nagios Log Server GUI, fully expanded to show all the fields, that might be helpful for refining the filter rule a bit.
Former Nagios employee
https://www.mcapra.com/
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN

Re: how to drop nxlog connection message

Post by dwhitfield »

Thanks @tacolover101 and @mcapra!

@pccwglobalit, let us know if you need any additional help!