how to drop nxlog connection message

Posted: Sun Jul 23, 2017 9:11 pm
by pccwglobalit
There are a lot of nxlog permit connection messages. Can I set a filter in nxlog or logstash to drop such messages?
The Windows Filtering Platform has permitted a connection.

Application Information:
Process ID: 1788
Application Name: \device\harddiskvolume2\program files (x86)\nxlog\nxlog.exe

Network Information:
Direction: Outbound
Source Address: 192.168.99.2
Source Port: 49158
Destination Address: 192.168.99.12
Destination Port: 3515
Protocol: 6

Filter Information:
Filter Run-Time ID: 229143
Layer Name: Connect
Layer Run-Time ID: 48

Re: how to drop nxlog connection message

Posted: Sun Jul 23, 2017 11:07 pm
by tacolover101
take a look at the concept here, and apply it accordingly - https://support.nagios.com/forum/viewto ... 24#p224210

Code:

if [message] =~ 'Start* Session* *nagios**' {
  drop {}
}
Depending on how your message field looks, you could probably match something like this: Layer Name: Connect
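
A Logstash filter for the event in the first post, added here as an example that is not part of the original posts. It assumes the full Windows event text arrives in the `message` field, as in the snippet above; the two patterns are built from the sample event text.

```logstash
filter {
  # Assumption: the whole event text is in [message].
  # First condition: only the "permitted a connection" event type.
  if [message] =~ /The Windows Filtering Platform has permitted a connection/ {
    # Second condition: only when the application is nxlog.exe, so permitted
    # connections from every other process are still indexed.
    # (?i) makes the path match case-insensitive; "." does not cross lines,
    # so the match stays on the "Application Name:" line.
    if [message] =~ /(?i)Application Name:\s+.*\\nxlog\\nxlog\.exe/ {
      drop { }
    }
  }
}
```

Matching on `Layer Name: Connect` alone would drop these connection events for every process on the host, not just nxlog, so the application path is the narrower key.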

Re: how to drop nxlog connection message

Posted: Mon Jul 24, 2017 8:41 am
by mcapra
If you could share a screenshot of one such event in the Nagios Log Server GUI, fully expanded to show all the fields, that might be helpful for refining the filter rule a bit.

Re: how to drop nxlog connection message

Posted: Mon Jul 24, 2017 1:26 pm
by dwhitfield
Thanks @tacolover101 and @mcapra!

@pccwglobalit, let us know if you need any additional help!