"

How to filter out specific events from being monitored by the Logon Reporter software?

Last review: Jan 01, 2013
https://kb.netwrix.com/658
Copy Article URL Copied

How to filter out specific events from being monitored by the NetWrix Logon Reporter software.


There is ExcludeFilter.txt file in the Netwrix Logon Reporter installation folder.

This file contains a list of event parameters indicating that an event should be omitted from reports and email Detail Reports.
The event that has any of the parameters specified in this file will be omitted.
The following parameters can be specified: Computer, EventID, User, SID, UserDomain, UserName.
One entry per line is accepted in the following format: parameter:value
For example, if you want to omit all events generated by user jsmith, add the following line:
User:corpjsmith
Wildcard (*) can be used to replace any number of symbols.
 

Few useful examples:

  1. To exclude netwrix service account, add the following string:
User:*netwrix_account
  1. To exclude workstations and servers account logins, add the following string:
User:**$
  1. To exclude useless system logins, add the following strings:
User:*AUTHORITYANONYMOUS*
User:*AUTHORITYSYSTEM*
User:*AUTHORITYLOCAL*
User:*AUTHORITYNETWORK*

NOTE: If your Netwrix Logon Reporter installation directory does not contain the ExcludeFilter.txt file, please contact Netwrix Technical Support team to get the most recent version of the program.

Go Up