Filter logs at the Windows client (NXlog)

Posted: Thu Nov 18, 2021 9:02 am
by tim620
Right now our Windows systems are sending everything to the log server. In a few cases this is millions of logs per day and is causing performance issues on the log server itself, as well as rapidly filling up our storage.

How do we filter logs on the NXlog client prior to them being sent to the log server itself?

Re: Filter logs at the Windows client (NXlog)

Posted: Thu Nov 18, 2021 6:35 pm
by ssax
You would modify the nxlog.conf on the Windows system to either drop the ones you don't want or keep the ones you do want:

https://nxlog.co/documentation/nxlog-us ... ering.html

See the Exec drop at the bottom here:

# Windows Event Log
<Input eventlog>
    # im_msvistalog reads the Windows Event Log on Vista/2008 and later
    Module      im_msvistalog

    <QueryXML>
        <QueryList>
            <Query Id='0'>
                <Select Path='System'>*</Select>
                <Select Path='Application'>*</Select>
                <Select Path='Security'>*</Select>
            </Query>
        </QueryList>
    </QueryXML>

    # Keep only the listed event IDs; every other event is dropped on the
    # client before it is sent to the log server
    <Exec>
        if not ($EventID in (12345, 22222)) drop();
    </Exec>
</Input>
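As an added example (not part of ssax's post and not NXLog's own configuration), the fragment below goes a step beyond the snippet above: it filters in two stages, first in the Event Log subscription itself using XPath inside QueryXML, so unwanted events are never handed to NXLog at all, and then in Exec with both a drop-list rule and a keep-list rule. The event IDs, the application source name MyApp, the host name and the port are illustrative placeholders, and the fragment assumes it is merged into an existing nxlog.conf that already has its global and Extension sections.

```nxlog
# Added example, not from the original thread or from NXLog's documentation.
# Event IDs, the MyApp source name, the host name and the port are placeholders.

<Input eventlog>
    Module      im_msvistalog

    # Stage 1: filter inside the Event Log subscription (XPath).
    # Security: successful logons (4624), failed logons (4625),
    #           logoffs (4634) and process creation (4688)
    # System:   service state changes (7036)
    # Application: Critical (Level 1) and Error (Level 2) only
    # Events that do not match are not read by NXLog, which is cheaper than
    # reading everything and discarding it in <Exec>.
    <QueryXML>
        <QueryList>
            <Query Id='0'>
                <Select Path='Security'>*[System[(EventID=4624 or EventID=4625 or EventID=4634 or EventID=4688)]]</Select>
                <Select Path='System'>*[System[(EventID=7036)]]</Select>
                <Select Path='Application'>*[System[(Level=1 or Level=2)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>

    # Stage 2: rules on the parsed fields of the events that did get read.
    <Exec>
        # Drop-list style: discard events we know we never need.
        # Logoffs add volume but rarely matter for detection.
        if $EventID == 4634 drop();
        # Logons by machine accounts (names ending in '$') are mostly noise.
        if $EventID == 4624 and $TargetUserName =~ /\$$/ drop();

        # Keep-list style: from the Application log, keep only our own
        # application's events (placeholder source name).
        if $Channel == 'Application' and $SourceName != 'MyApp' drop();
    </Exec>
</Input>

# Placeholder destination: replace host and port with the real log server.
<Output logserver>
    Module      om_tcp
    Host        logserver.example.internal
    Port        514
</Output>

<Route eventlog_to_server>
    Path        eventlog => logserver
</Route>
```

The XPath stage is where most of the saving comes from: on a busy domain controller the Security log alone can produce the "millions of logs per day" described in the question, and a tight Select list keeps the client from reading them in the first place. The Exec stage is for conditions XPath cannot express conveniently, such as matching on a user name. drop() only affects the input it is written in, so other inputs in the same nxlog.conf are untouched. After editing the file, restart the nxlog service on the client and watch the event rate on the log server to confirm the reduction.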