Trying to blacklist specific Windows event logs based on event code and task category, but it doesn't work.
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index = winevents
renderXml = false
# Every key="regex" pair on one blacklist line must match for the event to be dropped
blacklist1 = EventCode="5145" TaskCategory="(Detailed File Share|File Share)"
Example event:
07/13/2018 11:22:01 AM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=5140
EventType=0
Type=Information
ComputerName=SomeServer
TaskCategory=File Share
OpCode=Info
RecordNumber=5487448804
Keywords=Audit Success
Message=A network share object was accessed.

Subject:
    Security ID:      S-1-5-21-xxxxxxxxx-xxxxxx-xxxxxx-xxxx
    Account Name:     cz9_rmc_s3_CIFS$
    Account Domain:   domain
    Logon ID:         0x3D9AC95C1

Network Information:
    Object Type:      File
    Source Address:   10.xxx.xx.xxx
    Source Port:      45088

Share Information:
    Share Name:       \\*\IPC$
    Share Path:

Access Request Information:
    Access Mask:      0x1
    Accesses:         ReadData (or ListDirectory)
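To see what a blacklist line like the one in the post actually does to an event, here is an added example (not from the original post and not Splunk's own code) that parses the rendered event format shown above and applies the key="regex" rule the way the inputs.conf semantics work as I understand them: all pairs on one blacklist line are ANDed, separate numbered blacklist entries are ORed. Two details are assumptions of this example rather than documented facts: that each regex must match the whole field value (hence `re.fullmatch`), and that the Message field covers the whole multi-line body, not just its first line. The sample event, the `BLACKLISTS` dict and the helper names (`parse_event`, `is_blacklisted`, `explain`) are constructed for this example.

```python
import re

# Constructed sample event in the rendered (renderXml=false) layout from the post:
# EventCode 5140 with TaskCategory "File Share".
SAMPLE_EVENT = r"""07/13/2018 11:22:01 AM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=5140
EventType=0
Type=Information
ComputerName=SomeServer
TaskCategory=File Share
OpCode=Info
RecordNumber=5487448804
Keywords=Audit Success
Message=A network share object was accessed.

Subject:
    Security ID:      S-1-5-21-xxxxxxxxx-xxxxxx-xxxxxx-xxxx
    Account Name:     cz9_rmc_s3_CIFS$
    Account Domain:   domain
    Logon ID:         0x3D9AC95C1

Share Information:
    Share Name:       \\*\IPC$
    Share Path:
"""

# Hypothetical blacklist entries written in the inputs.conf key="regex" style.
BLACKLISTS = {
    "blacklist1": 'EventCode="5145" TaskCategory="(Detailed File Share|File Share)"',
}

# key="regex" pairs; a regex may contain escaped quotes.
PAIR_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')
# Top-level header lines of a rendered event: Key=Value with a single-word key.
HEADER_RE = re.compile(r"^(\w+)=(.*)$")


def parse_blacklist(entry: str) -> dict:
    """Split one blacklist line into {key: regex}."""
    return dict(PAIR_RE.findall(entry))


def parse_event(text: str) -> dict:
    """Collect the header fields of a rendered Windows event.

    Assumption: Message= starts the free-form body, which runs to the end of
    the event, so everything from that line on becomes the Message value.
    """
    fields = {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = HEADER_RE.match(line)
        if not m:
            continue  # timestamp line and indented body lines are not header fields
        key, value = m.groups()
        if key == "Message":
            fields[key] = "\n".join([value] + lines[i + 1:])
            break
        fields[key] = value
    return fields


def matches_entry(fields: dict, pairs: dict) -> bool:
    """All pairs of one blacklist line must match (AND).

    Assumption: the regex has to match the whole field value (fullmatch).
    """
    return all(
        key in fields and re.fullmatch(regex, fields[key], re.DOTALL) is not None
        for key, regex in pairs.items()
    )


def is_blacklisted(event_text: str, blacklists: dict) -> bool:
    """Numbered blacklist entries are ORed: one matching entry drops the event."""
    fields = parse_event(event_text)
    return any(matches_entry(fields, parse_blacklist(e)) for e in blacklists.values())


def explain(event_text: str, entry: str) -> dict:
    """Per-key verdict for one entry: shows which pair keeps a rule from firing."""
    fields = parse_event(event_text)
    return {
        key: re.fullmatch(regex, fields.get(key, ""), re.DOTALL) is not None
        for key, regex in parse_blacklist(entry).items()
    }


if __name__ == "__main__":
    for name, entry in BLACKLISTS.items():
        print(name, explain(SAMPLE_EVENT, entry))
    print("dropped:", is_blacklisted(SAMPLE_EVENT, BLACKLISTS))
```

Running `explain` against the posted event shows the TaskCategory pair matching and the EventCode pair not, so the event is kept; the same event with `EventCode="5140"` (or a pattern such as `"514[05]"`) in the entry is dropped, and a 5145 event whose TaskCategory is something else is kept because both pairs on the line have to hold.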