Get rid of explanation in windows message log

by Briomkez   Last Updated September 11, 2019 09:00 AM

I am wondering if it is possible to get rid of (or simply not store in the first place) the "explanation" inside the events with a specific ID, e.g., events of class 4624 (win2008).

Although the question is generic, I include my particular use case as reference:

I send the logs through Winlogbeat to an Elasticsearch node, which also stores the explanation in the field "message". Although it is possible to configure Winlogbeat to ignore the explanation (through a regexp), I would like to know if there is a possibility to not send the explanation in the first place, e.g., through a configuration in the Windows OS.

Tags : windows logging
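
The shipper-side regexp workaround mentioned in the question, as an added example that is not part of the original post: a function in the form the Beats `script` processor (`lang: javascript`) calls per event, which trims the trailing explanation from 4624 messages. The marker phrase, the `winlog.event_id` field name, the helper names and the sample event are assumptions constructed for illustration.

```javascript
// Added example for the Beats `script` processor, whose engine is ES5,
// so the code sticks to `var` and plain functions.
var STRIP_IDS = { "4624": true }; // event IDs to trim (4624 is from the question)

// Assumption: the explanation starts at the paragraph that begins with
// "This event is generated", as in the English 4624 message.
var EXPLANATION = /\r?\n\s*This event is generated[\s\S]*$/;

function stripExplanation(message) {
  if (typeof message !== "string") { return message; }
  return message.replace(EXPLANATION, "").replace(/\s+$/, "");
}

// In the processor config, expose this as the entry point:
//   function process(event) { trimEvent(event); }
function trimEvent(event) {
  // Assumption: the event ID is in winlog.event_id (Winlogbeat 7.x naming).
  var id = String(event.Get("winlog.event_id"));
  if (!STRIP_IDS[id]) { return; }          // leave every other event untouched
  var msg = event.Get("message");
  var trimmed = stripExplanation(msg);
  if (trimmed !== msg) { event.Put("message", trimmed); }
}

// Constructed stand-in for the processor's event object, for offline runs only.
function makeEvent(fields) {
  return {
    Get: function (k) { return fields.hasOwnProperty(k) ? fields[k] : null; },
    Put: function (k, v) { fields[k] = v; }
  };
}

// Constructed, shortened 4624 message.
var SAMPLE_4624 = "An account was successfully logged on.\r\n\r\n" +
  "Subject:\r\n\tSecurity ID:\t\tS-1-0-0\r\n\r\n" +
  "Logon Type:\t\t\t3\r\n\r\n" +
  "Detailed Authentication Information:\r\n\tKey Length:\t\t0\r\n\r\n" +
  "This event is generated when a logon session is created. " +
  "It is generated on the computer that was accessed.\r\n\r\n" +
  "The subject fields indicate the account on the local system " +
  "which requested the logon.";

function demo() {
  var ev = makeEvent({ "winlog.event_id": 4624, "message": SAMPLE_4624 });
  trimEvent(ev);
  return ev.Get("message");
}
```

The structured fields of the event are not affected; only the free-text `message` is shortened, so searches and detections keyed on the parsed fields keep working.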
