Mr. NoNe
Reputation: 51
NXLog Windows Events and Source
I want to upload events only from a "puppet" source, which is "Windows Logs\Application".
I guess I have to change the line <Select Path = 'Application'> * </Select>
How to filter source "puppet" in nxlog.conf?
<Input in>
Module im_msvistalog
ReadFromLast TRUE
<QueryXML>
<QueryList>
<Query Id='1'>
<Select Path='Application'>*</Select>
</Query>
</QueryList>
</QueryXML>
Exec $FileName = 'winapp.log';
Exec $EventTime = $EventReceivedTime;
</Input>
<Output out1>
Module om_udp
Host 10.10.0.40
Port 514
Exec to_syslog_bsd();
</Output>
<Route 1>
Path in => out1
</Route>
Upvotes: 0
Views: 520
Answers (1)
Chtioui Malek
Reputation: 11515
here's how i've done it :
<Query Id='1'>
<Select Path="Application">*[System[Provider[(@Name="MySrcName")]]]</Select>
</Query>
I found the tree path : System > Provider > Name by opening the windows event viewer, then select your event, then event properties, then details.
I said that because it may be different for you based on your windows version.
Upvotes: 1
Related Questions
- Windows Event Log - how to register an event source?
- How do you create an event log source using WiX
- Where is EventLog coming from, why is it wrong?
- WIX: Create EventSource using .NET message file
- NXLog and old Windows events
- How to create a .NET event log source using WiX
- IIS Logs and Event Logs
- how can I writing windows log event with event source
- Create EventLog source in WiX without an event message file
- Windows Event IDs