• State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 21 subscribers
  • Views 336 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Filtering on Windows Events

BRosenow

I'm sure this is simple . . . but so far I have been unsuccessful in making it work.

I am using Kiwi Syslog Server and Snare to collect syslog messages from Windows 2003 servers.  The collection and simple display is going well.  What I am having problems with is filtering on specific Windows events, like #529.  In the display of the log I see <TAB>529<TAB>.  Seems like I could just filter on "\t529\t" - but that does not work.

SO . . . is anyone else doing this?  What am I missing?  I am still evaluating the product (I have the 30 day eval version) and really like the potential of the product - but to buy it and put it into production, this HAS to work.

Thanks,
Brian

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.