Hi, I'm testing out the SIEM collector and I got it to work well in collecting event logs from a specific system. I am wondering what the best way would be to send only specific events. For example, can I send specific events (event ids ##, #) to the SIEM rather than get all of the Security, Application, and System events?
I'd rather just send over the events I need rather than filter out the ones I don't at the SIEM. Any suggestions?
Well, I think I've got a couple of solutions to my own problem now. I can either use a PowerShell script to strip out the events I want from the event log, put them into a *.log file, and use the generic log tail collector option. Or I can just set up more filtering on the SIEM.
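As an added example (not code from the thread or from the SIEM vendor), here is a PowerShell script that does what the second post describes: it asks the event log service for only the chosen event IDs in one channel, appends them one-per-line to a flat file for a generic log tail collector, and remembers the last RecordId shipped so a scheduled run never writes the same event twice. The event IDs, file paths and key=value field layout are assumptions to adjust for your environment.

```powershell
param(
    [string]$LogName   = 'Security',
    [int[]]$EventIds   = @(4624, 4625),                       # placeholder IDs; replace with the ones the SIEM needs
    [string]$OutFile   = 'C:\SIEM\security-filtered.log',     # hypothetical path the tail collector watches
    [string]$StateFile = 'C:\SIEM\security-filtered.state'    # hypothetical path holding the last shipped RecordId
)

# Make sure the output folder exists before appending.
$null = New-Item -ItemType Directory -Force -Path (Split-Path -Parent $OutFile)

# High-water mark: the last RecordId already written. Without it, every scheduled
# run would re-emit history and the SIEM would see duplicate events.
$lastRecordId = 0L
if (Test-Path $StateFile) {
    $raw = Get-Content -Path $StateFile -Raw
    if ($raw) { $lastRecordId = [int64]$raw.Trim() }
}

# Filter by ID inside the event log service instead of pulling whole channels.
# On a very large log, add StartTime to this hashtable to bound the query further.
$filter = @{ LogName = $LogName; Id = $EventIds }
$new = @(Get-WinEvent -FilterHashtable $filter -Oldest -ErrorAction SilentlyContinue |
         Where-Object { $_.RecordId -gt $lastRecordId })

if ($new.Count -eq 0) { return }   # nothing new since the last run

# One event per line, key=value style. Embedded newlines in Message are flattened
# so the generic tail collector treats each event as exactly one record.
$lines = foreach ($e in $new) {
    $msg = ($e.Message -replace '\r?\n', ' ' -replace '"', '\"')
    $fields = @($e.TimeCreated.ToString('o'), $e.MachineName, $e.LogName, $e.ProviderName,
                $e.Id, $e.LevelDisplayName, $e.RecordId, $msg)
    'ts={0} host={1} log={2} provider={3} id={4} level={5} record={6} msg="{7}"' -f $fields
}

Add-Content -Path $OutFile -Value $lines -Encoding UTF8

# -Oldest returns ascending order, so the last element carries the highest RecordId.
# Persist it only after the write succeeded so a failed run is retried, not skipped.
Set-Content -Path $StateFile -Value $new[-1].RecordId
```

Run it from Task Scheduler on a short interval and point the tail collector at the *.log file; the SIEM then only ever receives the listed event IDs.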