All event handlers support filtering of events. This is especially useful if particular events are of special interest, e.g. specific open ports.
The configuration option that enables filtering for an event handler is called filter; its options are the names of the JSON fields to match.
The following example of the terminal filter prints all events of type environment or where portscan.port is 25:
```yaml
events:
  terminal:
    enabled: true
    # Any matching filter is going to be printed
    filter:
      environment: # an empty filter is printed if an element of this type exists
      result.port: 25 # All port 25 events, regardless of scanning module.
    internal:
      channelsize: 1000
```
In this case, the filter is applied only to the terminal event handler, but filtering works the same way for other event handlers, too.
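The following added example (not code from the tool itself) models the matching rule described above, so a filter can be checked against sample events before a scan is started. It assumes that a filter key is a dotted path into the JSON event, that an empty value only requires the field to exist, that values are compared strictly, and that any single match is enough; the event layout and the names `lookup`, `matches` and `filtered` are hypothetical.

```python
import json

# Constructed filter mirroring the configuration above: key = dotted JSON
# field path, value = required value (None = the field only has to exist).
FILTER = {"environment": None, "result.port": 25}

_MISSING = object()  # sentinel, so a JSON null is not confused with "absent"


def lookup(event, dotted_path):
    """Walk a dotted path through nested dicts; return _MISSING if absent."""
    node = event
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def matches(event, filters):
    """True if ANY filter entry matches the event (assumed OR semantics)."""
    for path, wanted in filters.items():
        found = lookup(event, path)
        if found is _MISSING:
            continue
        # Assumed strict comparison: the string "25" does not equal 25.
        if wanted is None or (type(found) is type(wanted) and found == wanted):
            return True
    return False


# Constructed sample events; the field layout is an assumption, not tool output.
SAMPLE_EVENTS = [
    '{"environment": {"hostname": "node-1", "os": "linux"}}',
    '{"result": {"target": "192.0.2.10", "port": 25, "open": true}}',
    '{"result": {"target": "192.0.2.10", "port": 443, "open": true}}',
    '{"result": {"target": "192.0.2.11", "port": "25"}}',
]


def filtered(lines, filters=FILTER):
    """Parse JSON lines and keep only the events the filter would let through."""
    return [e for e in map(json.loads, lines) if matches(e, filters)]


if __name__ == "__main__":
    for event in filtered(SAMPLE_EVENTS):
        print(json.dumps(event))
```

The last sample event shows why the value type matters under strict comparison: a port serialized as a string would be dropped by a numeric filter value.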