Hi,
I would like to understand something about a filter.
I have some Windows logs with this kind of systag:
Microsoft-Windows-Security-Auditing[518]
I want to filter this kind of systag when they have "error" severity, and
after that, drop them.
So I've done this kind of thing:
<Input indeux>
    Module im_msvistalog
    ReadFromLast True
    Exec if $SourceName =~ /Microsoft-Windows-Security-Auditing/ and $Severity != 'ERR' { drop(); }
</Input>
but it does not work...
I think the symbol /mytext/ means "contains mytext".
So I tried to use the symbol ^ to say "what starts with..." and use only one
condition:
<Input indeux>
    Module im_msvistalog
    ReadFromLast True
    Exec if $SourceName =~ /^Microsoft-Windows-Security-Auditing/ { drop(); }
</Input>
but that does not work either...
Do you have any idea where I made mistakes?
Regards,