I set up NXLog to forward logs from my domain controller, but the sheer amount of logon events is too much. There are different logon types, described here, for each logon ID. I really only want types 2 and 11; the main culprit for the massive amount of logins is auto network logins, which are type 3.
NXLog has the patterns.xml file, which has patterns for each event ID, but each event ID can have multiple logon types. I want a way to filter out all types except for 2 and 11. Is this possible, and how can it be done?
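
One way to do the filtering asked about above, as an added example that is not part of the original post: drop unwanted logon types in the `im_msvistalog` input instead of in patterns.xml. It assumes the logon events in question are Event ID 4624 (successful logon); the instance names `eventlog_in` and `collector_out` and the destination host and port are placeholders.

```apacheconf
# Added example. Instance names, Host and Port are placeholders (assumptions).
<Input eventlog_in>
    Module  im_msvistalog
    # Read only the Security channel.
    Query   <QueryList>\
                <Query Id="0">\
                    <Select Path="Security">*</Select>\
                </Query>\
            </QueryList>

    # 4624 = successful logon. im_msvistalog exposes the EventData value
    # LogonType as the field $LogonType. Keep type 2 (interactive) and
    # type 11 (cached interactive); drop every other 4624 record, which
    # removes the type 3 network logons. Other event IDs pass through.
    # string() lets the regex match whether the field is parsed as text
    # or as an integer.
    <Exec>
        if ($EventID == 4624 and defined $LogonType
            and string($LogonType) !~ /^(2|11)$/)
        {
            drop();
        }
    </Exec>
</Input>

<Output collector_out>
    Module  om_tcp
    Host    collector.example.internal   # placeholder
    Port    514                          # placeholder
</Output>

<Route security_logons>
    Path    eventlog_in => collector_out
</Route>
```

Events 4625 (failed logon) and 4634 (logoff) also carry a LogonType value, so the same condition can be extended to those IDs if they are part of the volume.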