Closed GoogleCodeExporter closed 8 years ago
Perhaps I misunderstand what you are trying to filter. Are you wanting to just
filter on those IDs, or do you want to also filter on some criteria within
those IDs?
Original comment by sherwin....@gmail.com
on 20 May 2011 at 2:38
On some criteria actually.
Say, I have a server that does Antivirus and produces ~6 million service logins
(with users like WS0000$) over the day.
My only option with evtsys is to
* Send them, which does generate heaploads of traffic
* Squeeze them into the DB, since I wouldn't want to apply a general filter
that early
* Remove them with a simple cron later on (DELETE FROM SYSTEMEVENTS WHERE
EVENTUSER LIKE '%$' AND EVENTID IN (<list of eventids I'd like to remove from>);)
Instead I'd rather apply a regex filter on the client side and save a heapload
of traffic, central logging host operations, mysql time and crons :)
Original comment by kleindl....@gmail.com
on 20 May 2011 at 9:25
And just to add, I need to send them because they frankly use the same EventIDs
as other logons (4624 and 4634) :/
Original comment by kleindl....@gmail.com
on 20 May 2011 at 9:26
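
The client-side filter requested in the two comments above, sketched as an added example (not evtsys code and not written by either commenter): an event is dropped only when its ID is in the rule's list and its user name matches the regex, so ordinary 4624/4634 logons still reach the log host. The struct and function names are hypothetical, the sample events are constructed, and POSIX `regex.h` is assumed in place of whatever regex engine a Windows build would use.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical event record; evtsys's real structures are not shown in the thread. */
struct event { unsigned id; const char *user; };

/* Drop rule: applies only to the listed event IDs, and only when the user matches. */
struct drop_rule { const unsigned *ids; size_t n_ids; regex_t user_re; };

int rule_init(struct drop_rule *r, const unsigned *ids, size_t n, const char *pattern) {
    r->ids = ids;
    r->n_ids = n;
    return regcomp(&r->user_re, pattern, REG_EXTENDED | REG_NOSUB);
}

/* Returns 1 if the event should be sent to the log host, 0 if filtered locally. */
int should_forward(const struct drop_rule *r, const struct event *e) {
    for (size_t i = 0; i < r->n_ids; i++) {
        if (r->ids[i] == e->id)
            return regexec(&r->user_re, e->user, 0, NULL, 0) != 0;
    }
    return 1; /* event ID not covered by the rule: always forward */
}

/* Runs the rule over constructed sample events; returns how many would be sent. */
int count_forwarded(void) {
    static const unsigned ids[] = { 4624, 4634 };
    static const struct event sample[] = {      /* constructed data */
        { 4624, "WS0000$" }, { 4634, "WS0000$" }, /* machine-account logon/logoff */
        { 4624, "alice" },   { 4634, "alice" },   /* interactive user: keep */
        { 4625, "WS0000$" },                      /* ID outside the rule: keep */
        { 4624, "ws$admin" },                     /* '$' not at the end: keep */
    };
    struct drop_rule rule;
    int sent = 0;
    /* "\\$$" is the regex \$$ : a literal '$' anchored at the end of the name,
       the same condition as the SQL LIKE '%$' used in the cron workaround. */
    if (rule_init(&rule, ids, 2, "\\$$") != 0) return -1;
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        sent += should_forward(&rule, &sample[i]);
    regfree(&rule.user_re);
    return sent;
}

int main(void) {
    printf("forwarded %d of 6 sample events\n", count_forwarded());
    return 0;
}
```

Events dropped on the client never reach the central host, so a rule like this is best kept as narrow as the ID list and anchored pattern allow.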
I know this was posted quite some time ago, but thought I would update it. This
won't be possible in any short period of time because adding filtering or regex
capability would require some extended research and testing. If someone would
like to put in the effort and submit a patch I would be happy to include it.
-Sherwin
Original comment by sherwin....@gmail.com
on 8 Jul 2011 at 3:43
Original issue reported on code.google.com by
kleindl....@gmail.com
on 19 May 2011 at 9:20