Hi, Facility is for syslog. Perhaps you meant Severity? It usually helps to dump out your logs in JSON or KVP to see what the fields are.
Regards,
Botond

On Mon, 27 Jun 2016 19:32:27 +0000 <ward.p.fonte...@wellsfargo.com> wrote:

> I'm trying to dump all logs with INFO like the one below -
>
> 2016-06-27 15:25:01 SOME_WINDOWS_SERVER INFO 5857 NT AUTHORITY\LOCAL SERVICE
> WmiPerfInst provider started with result code 0x0. HostProcess =
> wmiprvse.exe; ProcessID = 7328; ProviderPath=
> C:\Windows\system32\wbem\WmiPerfInst.dll
>
> And had put the following in my patternsdb.xml file but it's not catching, so
> I know that Facility is not correct. I just don't know what I need to match
> INFO and drop that log entry.
>
> Patternsdb.xml snippet -
>
> <pattern>
>   <id>16</id>
>   <name>INFO</name>
>   <matchfield>
>     <name>Facility</name>
>     <value>INFO</value>
>   </matchfield>
>   <exec>drop();</exec>
> </pattern>
>
> Respectfully,
>
> Ward P Fontenot

_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users