Hello guys...
I'm just evaluating Kiwi Syslog Server for collecting Windows event logs (fed by Snare agents).
Everything is working like a charm except creating my own filters in web access.
I want to create a filter to show every event containing a special string (Logon Type: 3) in "Message Text".
filter field: message text
predicate: is
field operator: like
filter expression: Logon Type: 3
does not work: no filtering is done.
filter expression: Logon Type:
and
filter expression: Logon Type
work, just entries containing "Logon Type" are displayed.
Is there any possibility to filter for "Logon Type: 3"?
Thanks in advance, Jens