For Windows log sources, log channels that should be collected are specified in the Windows Event Log Policy in the Alert Logic® console. Individual event types cannot be selected or filtered out. By default, all log channels are collected.
For syslog sources, Alert Logic Log Management has no functionality for selecting or filtering specific events, facilities, or severities for collection. Instead, specific facilities and severities can be selected or filtered out in the configuration of the syslog service. This means only logs with the specified facilities and severities will be sent to the appliance.
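The following added example, which is not Alert Logic code, models traditional `facility.severity` selector matching to show which messages a given syslog-side filter would send on to the appliance and which it would silently drop. The selector strings, sample lines, and function names are assumptions made for illustration; `.none` exclusions and daemon-specific extensions are not modelled.

```python
import re

# Facility codes 0-23 per RFC 5424 (the names for 12-15 are informal labels).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert",
              "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed sample messages (not real logs); PRI = facility * 8 + severity.
SAMPLE = [
    "<38>Jan 12 03:14:07 web01 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 52144 ssh2",
    "<86>Jan 12 03:14:09 web01 sudo: pam_unix(sudo:session): session opened for user root",
    "<4>Jan 12 03:15:00 web01 kernel: nf_conntrack: table full, dropping packet",
    "<11>Jan 12 03:15:01 web01 app[1200]: database connection failed",
    "<30>Jan 12 03:15:02 web01 systemd[1]: Started Daily apt download activities.",
]

def decode_pri(line):
    """Return (facility, severity) names decoded from the leading <PRI> field."""
    m = PRI_RE.match(line)
    pri = int(m.group(1)) if m else 13  # RFC 3164 relays use 13 (user.notice) when PRI is missing
    if pri > 191:                       # out of range: same fallback
        pri = 13
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def parse_selector(selector):
    """Parse 'fac1,fac2.sev;fac.sev' into [(facility set, least severe code allowed)]."""
    rules = []
    for part in selector.split(";"):
        facs, sev = part.strip().split(".")
        fac_set = set(FACILITIES) if facs == "*" else set(facs.split(","))
        if fac_set - set(FACILITIES):
            raise ValueError(f"unknown facility in {part!r}")
        max_sev = 7 if sev == "*" else SEVERITIES.index(sev)
        rules.append((fac_set, max_sev))
    return rules

def forwarded(lines, selector):
    """Return the lines the selector would send on; lower severity code means more severe."""
    rules = parse_selector(selector)
    kept = []
    for line in lines:
        fac, sev = decode_pri(line)
        if any(fac in facs and SEVERITIES.index(sev) <= max_sev for facs, max_sev in rules):
            kept.append(line)
    return kept

if __name__ == "__main__":
    for sel in ("*.err", "auth,authpriv.*;*.err"):
        print(sel, "->", [decode_pri(l) for l in forwarded(SAMPLE, sel)])
```

With the severity-only selector `*.err`, the constructed failed SSH login and sudo session messages (both `info`) never reach the appliance; adding `auth,authpriv.*` keeps them.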