swordzjj / eventlog-to-syslog

Automatically exported from code.google.com/p/eventlog-to-syslog

Xpath filter support #77

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi,
eventlog-to-syslog allows sending only some EventIDs, but not applying a filter within one EventID.

For example: I need to identify only administrator connection attempts. With wevtutil, I can do it with the following filter on EventID 4625:

Prompt>wevtutil qe Security /q:"*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=4625)] and EventData[Data[@Name='TargetUserName']='Administrator']]" /r:IP_SERVER /u:account /p:password

But it is an asynchronous solution, and an evolution of your tool would be better.

Best regards

Colas

Original issue reported on code.google.com by cmoico...@yahoo.fr on 30 Nov 2012 at 12:07
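
Added example, not part of the original issue and not eventlog-to-syslog's own code: the three conditions of the query above (provider, EventID 4625, TargetUserName) evaluated over constructed event XML, showing that other events with the same EventID are dropped. The helper names, sample events and documentation-range IP addresses are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of Windows event XML, the default output format of "wevtutil qe".
EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVENT_NS}
PROVIDER = "Microsoft-Windows-Security-Auditing"

def make_event(event_id, user, ip):
    """Build a constructed, minimal Security event (not a real log record)."""
    return (
        f'<Event xmlns="{EVENT_NS}">'
        f'<System><Provider Name="{PROVIDER}"/>'
        f'<EventID>{event_id}</EventID></System>'
        f'<EventData><Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="IpAddress">{ip}</Data></EventData></Event>'
    )

def matches(event_xml, event_id="4625", user="Administrator"):
    """Apply the same three tests as the XPath query in the issue."""
    root = ET.fromstring(event_xml)
    provider = root.find(f"e:System/e:Provider[@Name='{PROVIDER}']", NS)
    eid = root.findtext("e:System/e:EventID", default="", namespaces=NS)
    target = root.findtext(
        "e:EventData/e:Data[@Name='TargetUserName']", default="", namespaces=NS)
    return provider is not None and eid.strip() == event_id and target == user

def forwardable(events):
    """Source addresses of the events that pass the filter, in log order."""
    out = []
    for xml_text in events:
        if matches(xml_text):
            root = ET.fromstring(xml_text)
            out.append(root.findtext(
                "e:EventData/e:Data[@Name='IpAddress']", default="-", namespaces=NS))
    return out

# Constructed sample: two failed Administrator logons, one failed logon for
# another account, and one successful (4624) Administrator logon.
SAMPLE = [
    make_event(4625, "Administrator", "192.0.2.10"),
    make_event(4625, "alice", "192.0.2.11"),
    make_event(4624, "Administrator", "192.0.2.12"),
    make_event(4625, "Administrator", "198.51.100.7"),
]

if __name__ == "__main__":
    for ip in forwardable(SAMPLE):
        print(f"failed Administrator logon from {ip}")
```

An EventID-only filter would forward three of the four sample events; the field-level filter forwards two.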

GoogleCodeExporter commented 8 years ago
You'll be happy to know that this feature is now supported, Colas. It is 
committed in the trunk. I have some documentation to complete that shows how to 
use it.

Original comment by sherwin....@gmail.com on 25 Sep 2013 at 4:44

GoogleCodeExporter commented 8 years ago
Fixed in v4.5.0

Original comment by sherwin....@gmail.com on 30 Sep 2013 at 4:51