paleg / eventlog-to-syslog

Automatically exported from code.google.com/p/eventlog-to-syslog
3 stars 3 forks source link

evtsys.cfg how to add filter for another attributes #70

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
HI.
Awesome app.
But need help.
I want to filtering some messages from AD.
example i can du this with add new string parameter in evtsys.cfg
Security: 540
But if i want filtering only one user for this event type, how can i do this?
example
 ... Security: 540: MyDomani\FludUser:
How i can add filter for "MyDomani\FludUser" and not to 540 ?

if you can, mail me to maodzedun_at_gmail.com

Original issue reported on code.google.com by maodze...@gmail.com on 3 Oct 2012 at 1:23

GoogleCodeExporter commented 8 years ago
This is not currently possible. I did not implement that kind of filtering 
because it's so expensive resource-wise. Perhaps in the future there may be an 
option to enable it, but currently it is not available.

Original comment by sherwin....@gmail.com on 16 Oct 2012 at 2:02

GoogleCodeExporter commented 8 years ago
If you're using Vista/2k8+ you should be able to do this with an XPath query. 
Try it out and let me know if that does not solve your problem.

Original comment by sherwin....@gmail.com on 30 Sep 2013 at 4:48