Filter out Windows Event IDs from Forwarded Logs using the WinCollect Agents

Hi all, is there a way to filter forwarded Windows events? We have a WinCollect agent installed on a server used as the repository for all our Windows log sources. They (logs from other sources) are written to the Event Viewer as forwarded logs. For some reason we cannot filter our event IDs when configuring the WinCollect log source, as we do not want to accept all Windows events onto our QRadar Event Processors. Does anyone know how to overcome this problem?

