With the massive amount of noise generated in Windows event logs, it makes a lot of sense to limit the events sent by logforwarder to a central syslog server instead of sending everything and having it do all the filtering. Ideally regex for the filtering, but even simple DOS-style wildcards would be useful, especially if a delimited list was allowed for 'OR' support. Filtering should support both include & exclude rules.
Thanx,
Bill
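The filtering semantics requested above, sketched as an added example that is not part of the original post and not logforwarder code. The `;` delimiter, the exclude-wins-over-include precedence, the `EventFilter` name and the sample event layout are all assumptions made for illustration.

```python
import re

def wildcard_to_regex(pattern):
    """Translate a DOS-style wildcard (* and ? only) into a regex fragment."""
    return "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)

def compile_rules(spec, delimiter=";", regex=False):
    """Compile a delimited rule list into one pattern; list items are ORed."""
    if not spec:
        return None
    items = [s.strip() for s in spec.split(delimiter) if s.strip()]
    if not regex:
        items = [wildcard_to_regex(s) for s in items]
    return re.compile("|".join(f"(?:{s})" for s in items),
                      re.IGNORECASE | re.DOTALL)

class EventFilter:
    """Assumed semantics: exclude wins over include; no include rule = include all."""

    def __init__(self, include=None, exclude=None, delimiter=";", regex=False):
        self.include = compile_rules(include, delimiter, regex)
        self.exclude = compile_rules(exclude, delimiter, regex)

    def should_forward(self, line):
        # Rules must match the whole line, as a DOS wildcard matches a whole name.
        if self.exclude and self.exclude.fullmatch(line):
            return False
        return self.include is None or bool(self.include.fullmatch(line))

# Constructed sample events in a hypothetical "<log> <event id> <message>" layout.
SAMPLE_EVENTS = [
    "Security 4624 An account was successfully logged on",
    "Security 4625 An account failed to log on",
    "Security 5156 The Windows Filtering Platform has permitted a connection",
    "System 7036 The Print Spooler service entered the running state",
    "Application 1000 Faulting application name: example.exe",
]

def forwarded(flt, events=SAMPLE_EVENTS):
    """Return only the events that would be sent on to the syslog server."""
    return [e for e in events if flt.should_forward(e)]

if __name__ == "__main__":
    flt = EventFilter(include="Security *;System *", exclude="* 5156 *;* 4624 *")
    for line in forwarded(flt):
        print(line)
```

In regex mode the delimiter must not appear inside a pattern, since the rule list is split on it before compiling.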