I created a deployment app (which distributes to Windows Universal Forwarders), from my Linux Deployment Server. Inside Windows\Local\ I have an inputs.conf file looks like this:
[WinEventLog://System]
blacklist = EventCode=xxxx
When the app gets delivered to the Windows Universal Forwarders, the input.conf file in the deployed app looks like this:
[WinEventLog://System]blacklist = EventCode=xxxx
The contents in the Inputs.conf is all in one line causing the blacklisting not to work. Any ideas on what I'm doing wrong?
Jon
Hi @jonsantos,
Windows notepad cannot show Linux line endings properly, that should not be a problem. Please try filter with quotes like below;
[WinEventLog://System]
blacklist = EventCode="xxxx"
If this reply helps you an upvote is appreciated.
Hi @jonsantos,
Windows notepad cannot show Linux line endings properly, that should not be a problem. Please try filter with quotes like below;
[WinEventLog://System]
blacklist = EventCode="xxxx"
If this reply helps you an upvote is appreciated.