Is there a way to add a function to drop for Windows event logs that are sent via syslog?
Abby Strong
Posts: 12 mod
I am new here and don't know where to start or ask this question.
But, is there a way to add a function to the pipeline to drop for Windows event logs that are sent via syslog to a separate SIEM that only collects logs via syslog?
Below is an example of how the logs are post-processed in syslog.
```
Process Information:
Process ID:
```
Answers

- Yep

- Use the Mask Function

- You might also need ` ` and ` ` and use the global g and m for multiline flag

- Thank you, David, can you please elaborate what the \r does?

- I DM'd you.

- All fixed with Mask
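Added example for the thread above (my own code, not the poster's pipeline and not Cribl's Mask function itself): plain JavaScript showing the regex/replace pairs a Mask-style rule applies to an event field, and why the `g` flag matters for the carriage returns that Windows events carry on every line. The sample event is constructed; the field name and the exact Mask rule configuration in the product are assumptions not taken from the thread.

```javascript
// Constructed sample: a Windows Security event as it arrives with CRLF line
// endings and tab indentation, like the "Process Information:" snippet in
// the question. Not a real captured event.
const SAMPLE_EVENT =
  "An account was successfully logged on.\r\n" +
  "\r\n" +
  "Process Information:\r\n" +
  "\tProcess ID:\t\t0x3e7\r\n" +
  "\tProcess Name:\t\tC:\\Windows\\System32\\services.exe\r\n";

// Count carriage returns so the effect of each rule can be checked.
function countCR(s) {
  return (s.match(/\r/g) || []).length;
}

// Without the g (global) flag a JavaScript replace() touches only the
// first match, so four of the five \r characters survive.
function stripFirstCR(raw) {
  return raw.replace(/\r/, "");
}

// With g every carriage return in the field is removed. This is the rule
// the thread settles on for \r.
function stripAllCR(raw) {
  return raw.replace(/\r/g, "");
}

// Syslog is line-oriented, so a multi-line event is also collapsed onto one
// line. The m (multiline) flag makes ^ and $ anchor at each line boundary,
// which lets the leading/trailing whitespace rules work per line instead of
// only at the start and end of the whole string.
function flattenToSingleLine(raw) {
  return stripAllCR(raw)
    .replace(/[ \t]+$/gm, "")   // trailing spaces/tabs on every line
    .replace(/^[ \t]+/gm, "")   // leading indentation on every line
    .replace(/\t+/g, " ")       // tab runs between label and value
    .replace(/\n+/g, " ")       // line breaks, including blank lines
    .trim();
}

// Stand-alone run: show before/after counts and the flattened event.
console.log("CR before:", countCR(SAMPLE_EVENT));
console.log("CR after non-global replace:", countCR(stripFirstCR(SAMPLE_EVENT)));
console.log("CR after global replace:", countCR(stripAllCR(SAMPLE_EVENT)));
console.log(flattenToSingleLine(SAMPLE_EVENT));
```

When building the equivalent Mask rule, the match regex and replacement map onto the same regex/replace pair shown here; the rule has to be global or only the first carriage return in each event is removed, and the multiline flag is only needed for patterns that use `^` or `$`.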