
nxlog.conf filter by eventID

Posted: Tue Oct 16, 2018 9:15 am
by billy_strath
Can someone tell me how to configure nxlog.conf to forward only selected Security eventID log entries?

My conf currently is

<Input eventlog>
Module im_msvistalog
SavePos TRUE
Query <QueryList>\
<Query Id="0">\
<Select Path="Application">*</Select>\
<Select Path="System">*</Select>\
<Select Path="Security">*</Select>\
</Query>\
</QueryList>
Exec to_json();
</Input>

I have come across https://nxlog.co/question/2401/filterin ... -nxlogconf and this https://www.reddit.com/r/sysadmin/comme ... ff_events/ but am having problems in getting either syntax right.

Thanks

Re: nxlog.conf filter by eventID

Posted: Tue Oct 16, 2018 9:23 am
by mcapra
Old thread with an implementation:
https://support.nagios.com/forum/viewto ... 0&p=206924

This drops all but the matching event IDs. If you want to include/exclude specific ones, you'd just alter the regex match.

The drop() should occur before your to_json().
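
The two usual ways to do what this thread asks, as an added example that is not part of any post above or of the linked thread. It assumes sample event IDs 4624 and 4625 (constructed for illustration), and Option B uses plain comparisons on `$Channel` and `$EventID` rather than the regex match the linked thread uses.

```apache
# Added example. Event IDs 4624 and 4625 are sample values; substitute your own.
# Keep only ONE of the two <Input eventlog> blocks in nxlog.conf.

# Option A: filter in the event log query itself, so Security events with
# other IDs are never read. Application and System are still forwarded in full.
<Input eventlog>
    Module  im_msvistalog
    SavePos TRUE
    Query   <QueryList>\
                <Query Id="0">\
                    <Select Path="Application">*</Select>\
                    <Select Path="System">*</Select>\
                    <Select Path="Security">*[System[(EventID=4624 or EventID=4625)]]</Select>\
                </Query>\
            </QueryList>
    Exec    to_json();
</Input>

# Option B: read all three channels, then discard Security events whose ID is
# not on the list. drop() must run before to_json(), as noted in the reply above.
<Input eventlog>
    Module  im_msvistalog
    SavePos TRUE
    Query   <QueryList>\
                <Query Id="0">\
                    <Select Path="Application">*</Select>\
                    <Select Path="System">*</Select>\
                    <Select Path="Security">*</Select>\
                </Query>\
            </QueryList>
    Exec    if ($Channel == 'Security' and not ($EventID == 4624 or $EventID == 4625)) drop();
    Exec    to_json();
</Input>
```

Restart the nxlog service after editing and confirm at the receiving end that only the listed Security IDs arrive, so a mistyped filter does not silently discard events you meant to keep.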

Re: nxlog.conf filter by eventID

Posted: Tue Oct 16, 2018 11:22 am
by cdienger
@billy_strath let us know if you have any problems implementing what @mcapra linked to.