1 Reply Latest reply on Sep 29, 2016 3:09 PM by meciar

    SIEM Collector specific events

    meciar

      Hi, I'm testing out the SIEM collector and I got it to work well in collecting event logs from a specific system. I am wondering what the best way would be to only send specific events. For example, can I send specific events (event IDs ##, #) to the SIEM rather than get all of the Security, Application, System events?

      I'd rather just send over the events I need rather than filter out the ones I don't at the SIEM. Any suggestions?

        • 1. Re: SIEM Collector specific events
          meciar

          Well, I think I've got a couple of solutions for my own problem now. I can either use a PowerShell script to strip out the events I want from the event log and put them into a *.log file and use the generic log tail collector option, or I can just set up more filtering on the SIEM.
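
The first option from the reply above, sketched as an added example that is not part of the original post: a PowerShell script that pulls only chosen event IDs with `Get-WinEvent` and appends them as single lines to a file for the log tail collector. The paths, the log-to-ID map and the event IDs are sample values chosen for illustration.

```powershell
# Added example: paths, log names and event IDs below are sample values, not from the thread.
$Wanted = @{
    Security = 4624, 4625   # sample IDs: logon success / logon failure
    System   = 7045         # sample ID: service installed
}
$OutFile   = 'C:\SiemExport\filtered-events.log'   # file the log tail collector watches (assumed path)
$StateFile = 'C:\SiemExport\last-record.json'      # last RecordId exported per log (assumed path)

New-Item -ItemType Directory -Path (Split-Path $OutFile) -Force | Out-Null

# Load per-log bookmarks so reruns do not export the same event twice.
$State = @{}
if (Test-Path $StateFile) {
    $saved = Get-Content $StateFile -Raw | ConvertFrom-Json
    foreach ($p in $saved.PSObject.Properties) { $State[$p.Name] = [long]$p.Value }
}

foreach ($log in $Wanted.Keys) {
    $last = if ($State.ContainsKey($log)) { $State[$log] } else { 0 }

    # -FilterHashtable filters by ID at the event log service, so unwanted events are never returned.
    # SilentlyContinue covers the "no matching events" case, which Get-WinEvent reports as an error.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = $Wanted[$log] } -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordId -gt $last } |
        Sort-Object RecordId

    foreach ($e in $events) {
        # Flatten the message to one line so the tail collector sees one record per line.
        $msg  = (($e.Message -replace '\s+', ' ') -replace '"', "'").Trim()
        $line = '{0:o} host={1} log={2} id={3} record={4} msg="{5}"' -f `
            $e.TimeCreated.ToUniversalTime(), $e.MachineName, $log, $e.Id, $e.RecordId, $msg
        Add-Content -Path $OutFile -Value $line -Encoding UTF8
        $State[$log] = $e.RecordId   # advance the bookmark only after the line is written
    }
}

$State | ConvertTo-Json | Set-Content -Path $StateFile -Encoding UTF8
```

Reading the Security log requires an elevated session, so a scheduled run needs an account with that right. If a log is cleared its RecordId sequence restarts, and the state file has to be deleted for exporting to resume.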