[nxlog-ce-users] Problem filtering Windows Event Log

Wed, 17 Jul 2013 12:51:52 -0700 

Hi there everyone,
I'm throwing the towel...I'm using NXLOG do forward events to Logstash
centralized interface that would then write to Elastic Search so I can
check'em out in Kibana.
Everything is working fine but I'm trying to filter some log entries that I
don't want to see in ES/Kibana/etc.
What I want to do is:
* Exclude DFS Replication log messages.
* Exclude logs messages that had DEBUG in the message field.

Can anyone help me?
Any help would be appreciated.

My config file looks like this:

<Extension json>
    Module      xm_json
</Extension>

<Input eventlog>
    Module      im_msvistalog
</Input>

<Processor pattern>
    Module  pm_pattern
    PatternFile ..\conf\patterndb.xml
</Processor>

<Output out>
    Module      om_tcp
    Host        XXX
    Port        XX
    Exec        $EventReceivedTime = integer($EventReceivedTime) / 1000000;
\
                to_json();
</Output>

<Route 1>
    Path        eventlog => pattern => out
</Route>

And Patterndb.xml looks like:

<patterndb>
    <group>
        <name>eventlog</name>
        <id>1</id>
        <pattern>
            <id>1</id>
            <name>dfs events</name>
            <matchfield>
                <name>FileName</name>
                <type>string</type>
                <value>DFS Replication</value>
            </matchfield>
            <matchfield>
                <name>SourceName</name>
                <type>string</type>
                <value>DFSR</value>
            </matchfield>
            <matchfield>
                <name>EventID</name>
                <type>rege</type>
                <value>(4202|4208|4302|4304|5004)</value>
            </matchfield>
            <exec>
                drop();
            </exec>
        </pattern>
        <pattern>
            <id>2</id>
            <name>Monitor</name>
            <matchfield>
                <name>Message</name>
                <type>string</type>
                <value>DEBUG</value>
            </matchfield>
            <exec>
                drop();
            </exec>
        </pattern>
    </group>
</patterndb>


[]'s
Geraldo Magella Junior

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users

Reply via email to