Can NXLog collect Windows XML Event logs vs Rendered Logs?


#1 emchris

NXLog IM_MSVistaLog module collects the Rendered Event log rather than the raw XML Windows Event Log.  

Is there a configuration option in the NXLog agent or IMVistaLog module to enable collecting the original Windows XML Event Log rather than the Rendered Event Log?

Best Regards,

Chris

 

Edit: Think I worked this out. It appears to collect the XML data but also the rendered log field. This would lead the questions to be:

1) Can you disable or filter out the Message field? It's not needed.

2) Can you collect the Windows Event Log fields in the order they're written, e.g., the Provider field? From testing, the Provider field is renamed as Sourcename and collected out of order from the original Windows Event Log.

Reason for the above is that I have multiple upstream systems that require the original log format, and hence I am testing the viability of using NXLog to retrieve Windows Event Logs.

#2 b0ti Nxlog ✓

1)  Exec delete($Message);

2) Currently the rendered XML is parsed and the original XML is not retained. Perhaps an option could be implemented that allows doing that.
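
Added example, not part of the original thread and not NXLog's own sample configuration: the Exec statement from answer 1 placed in a complete im_msvistalog input, with the remaining parsed fields written out as JSON. The instance names (eventlog, out, r) and the output path are assumptions.

```apacheconf
# Added example: instance names and the output path are assumptions.
<Extension json>
    Module  xm_json
</Extension>

<Input eventlog>
    Module  im_msvistalog
    # Drop the rendered message text before the record leaves the input;
    # the other parsed fields (for example $SourceName) are kept.
    Exec    delete($Message);
</Input>

<Output out>
    Module  om_file
    File    'C:\logs\eventlog.json'
    # Serialize the remaining fields as one JSON object per line.
    Exec    to_json();
</Output>

<Route r>
    Path    eventlog => out
</Route>
```

As answer 2 states, the output is built from the parsed fields, so it does not reproduce the original event XML.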