|
|
| Line 175: |
Line 175: |
|
| |
|
| This tag has no effect for text log files, and can be used as a synonym for <nowiki><tag></nowiki> tag for syslog monitoring. | | This tag has no effect for text log files, and can be used as a synonym for <nowiki><tag></nowiki> tag for syslog monitoring. |
| | |
|
| |
|
| === <level> Tag === | | === <level> Tag === |
| <nowiki>Tag <level> can be used to filter records from Windows Event log by event severity level (also called event type in older Windows versions). Each severity level has it's own code, and to filter by multiple severity levels you should specify sum of appropriate codes. Severity level codes are following:</nowiki> | | Tag <nowiki><level></nowiki> can be used to filter records from Windows Event log by event severity level (also called event type in older Windows versions). Each severity level has it's own code, and to filter by multiple severity levels you should specify sum of appropriate codes. Severity level codes are following: |
| | |
| | |
| {| style="border-spacing:0;"
| |
| | style="border-top:0.0007in solid #000000;border-bottom:0.0007in solid #000000;border-left:0.0007in solid #000000;border-right:none;padding:0.0382in;"| 1
| |
| | style="border:0.0007in solid #000000;padding:0.0382in;"| Error
| |
|
| |
|
| | {| class="wikitable" |
| | |- |
| | ! Code !! Severity |
| | |- |
| | | 1 || Error |
| |- | | |- |
| | style="border-top:none;border-bottom:0.0007in solid #000000;border-left:0.0007in solid #000000;border-right:none;padding:0.0382in;"| 2
| | | 2 || Warning |
| | style="border-top:none;border-bottom:0.0007in solid #000000;border-left:0.0007in solid #000000;border-right:0.0007in solid #000000;padding:0.0382in;"| Warning | |
| | |
| |- | | |- |
| | style="border-top:none;border-bottom:0.0007in solid #000000;border-left:0.0007in solid #000000;border-right:none;padding:0.0382in;"| 4
| | | 4 || Information |
| | style="border-top:none;border-bottom:0.0007in solid #000000;border-left:0.0007in solid #000000;border-right:0.0007in solid #000000;padding:0.0382in;"| Information | |
| | |
| |- | | |- |
| | style="border-top:none;border-bottom:0.0007in solid #000000;border-left:0.0007in solid #000000;border-right:none;padding:0.0382in;"| 8
| | | 8 || Audit Success |
| | style="border-top:none;border-bottom:0.0007in solid #000000;border-left:0.0007in solid #000000;border-right:0.0007in solid #000000;padding:0.0382in;"| Audit Success | |
| | |
| |- | | |- |
| | style="border-top:none;border-bottom:0.0007in solid #000000;border-left:0.0007in solid #000000;border-right:none;padding:0.0382in;"| 16
| | | 16 || Audit Failure |
| | style="border-top:none;border-bottom:0.0007in solid #000000;border-left:0.0007in solid #000000;border-right:0.0007in solid #000000;padding:0.0382in;"| Audit Failure | | |} |
|
| |
|
| |}
| |
| Some examples: | | Some examples: |
|
| |
|
| | | <syntaxhighlight lang="xml"> |
| <nowiki><level>1</level></nowiki> | | <level>1</level> |
| | | </syntaxhighlight> |
|
| |
|
| will match all records with severity level "Error", and | | will match all records with severity level "Error", and |
|
| |
|
| | | <syntaxhighlight lang="xml"> |
| <nowiki><level>6</level></nowiki> | | <level>6</level> |
| | | </syntaxhighlight> |
|
| |
|
| will match all records with severity level "Warning" or "Information". | | will match all records with severity level "Warning" or "Information". |
|
| |
|
| | | This tag has no effect for text log files, and can be used as a synonym for <nowiki><severity></nowiki> tag for syslog monitoring. |
| <nowiki>This tag has no effect for text log files, and can be used as a synonim for <severity> tag for syslog monitoring.</nowiki>
| |
| | |
|
| |
|
| === <facility> Tag === | | === <facility> Tag === |