5.3 How to set Event Log Filter

• Event Log filters decide which logs to be collected and forwarded to remote syslog servers. The application reads all the logs and forwards based on the configured filters.

• Setting filters is quite easy for the users as it is possible to utilize existing custom-view feature of the windows event viewer.

Procedure

1. Open Windows Event Viewer of the host machine and right click to find “Create Custom View” option.

   

2. Click on “Create Custom View”

3. Set the Desired filters based on Event Level, By Log, By Source, Event ID and Keywords.

   

4. After configuring all required filter options, Click on “XML” tab.

   

5. Select and copy the “XML” code from the XML tab.

6. Paste that into the the “SyskeyOT Windows Agent-EventLog” XML query tab.

   

7. Click and there we go.

Note: Use the same Copied Query in SyskeyOT Windows Agents hosted on other similar windows machines (if any with same filter configurations)