How to filter out specific events from being monitored by the Logon Reporter software?

filter out specific events omit
Email It to Me Print this Page
Question How to filter out specific events from being monitored by the NetWrix Logon Reporter software.
Answer There is ExcludeFilter.txt file in the Netwrix Logon Reporter installation folder.
This file contains a list of event parameters indicating that an event should be omitted from reports and email Detail Reports.
The event that has any of the parameters specified in this file will be omitted.
The following parameters can be specified: Computer, EventID, User, SID, UserDomain, UserName.
One entry per line is accepted in the following format: parameter:value
For example, if you want to omit all events generated by user jsmith, add the following line:
User:corp\jsmith
Wildcard (*) can be used to replace any number of symbols.
 

Few useful examples:
  1. To exclude netwrix service account, add the following string:
User:*\netwrix_account
  1. To exclude workstations and servers account logins, add the following string:
User:*\*$
  1. To exclude useless system logins, add the following strings:
User:*AUTHORITY\ANONYMOUS*
User:*AUTHORITY\SYSTEM*
User:*AUTHORITY\LOCAL*
User:*AUTHORITY\NETWORK*

NOTE: If your Netwrix Logon Reporter installation directory does not contain the ExcludeFilter.txt file, please contact Netwrix Technical Support team to get the most recent version of the program.
Was this information helpful?