I am trying to blacklist Windows service account named, ftpadmin from all servers. I tried:
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
blacklist1 = EventCode="4662" Message="Object Type:\s+(?!groupPolicyContainer)"
blacklist2 = EventCode="566" Message="Object Type:\s+(?!groupPolicyContainer)"
blacklist3 = Account_Name=ftpadmin
that did not work. so I tried by putting ftpadmin in quotation:
blacklist3 = Account_Name="ftpadmin"
but that did not work either. Could someone help please?
Thank you.
