Get rid of explanation in windows message log

by Briomkez   Last Updated September 11, 2019 09:00 AM - source

I am wondering if it is possible to get rid (or simply not store in the first place) the "explanation" inside the events with a specific id, as e.g., event of class 4624 (win2008).

Although the question is generic, I include my particular use case as reference:

I send the logs through winlogbeat to an elasticsearch node, which stores in the field "message" also the explanation. Although it is possible to configure winlogbeat ignore the explanation (through a regexp) I would like to know if there is the possibility in the first place to not send the explanation, e.g., through a configuration in the windows OS.

Tags : windows logging


Related Questions


Problems Accessing Windows Security Log

Updated July 25, 2018 09:00 AM



Windows dns analytic logging to remote destination

Updated September 07, 2017 09:00 AM