forked from zensquare/evtsys
-
Notifications
You must be signed in to change notification settings - Fork 0
/
evtsys.cfg
24 lines (24 loc) · 1.04 KB
/
evtsys.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
'!!!!THIS FILE IS REQUIRED FOR THE SERVICE TO FUNCTION!!!!
'
'Comments must start with an apostrophe and
'must be the only thing on that line.
'
'Do not combine comments and definitions on the same line!
'
'Format is as follows - EventSource:EventID
'Use * as a wildcard to ignore all ID's from a given source
'E.g. Security-Auditing:*
'
'In Vista/2k8 and upwards remove the 'Microsoft-Windows-' prefix
'In Vista/2k8+ you may also specify custom XPath queries
'Format is the word 'XPath' followed by a ':', the event log to search,
'followed by a ':', and then the select expression
'E.g XPath:Application:<expression>
'
'Details can be found in the readme file at the following location:
'https://code.google.com/p/eventlog-to-syslog/downloads/list
'**********************:**************************
XPath:default:Application:<Select Path="Application">*</Select>
XPath:login:Security:<Select Path="Security">*[System[(EventID=4624 or EventID=4634)]]</Select>
XPath:default:Setup:<Select Path="Setup">*</Select>
XPath:default:System:<Select Path="System">*</Select>