NXLog on Windows server 2003 (im_mseventlog) invalid keyword: Query problem

#1 emve 8 years ago

Hi,

I have installed NXLog on Windows server 2003 with this configuration (example from NXLog reference manual)

<Input in>
# Module im_msvistalog
# For windows 2003 and earlier use the following:
Module im_mseventlog
Query <QueryList> <Query Id="0"> <Select Path="Security">*</Select> </Query> </Querylist>
</Input>

I received "ERROR invalid keyword: Query" in nxlog.log :

2015-11-27 10:57:38 ERROR invalid keyword: Query at C:\Program Files\nxlog\conf\nxlog.conf:21

This configuration is working fine with "Module im_msvistalog" on Windows Server 2008 and later.

(http://www.developpez.net/forums/d1545842/systemes/windows/windows-serveur/solution-nxlog-graylog/)

How can I fix this problem ?

Thank you,

Permalink

#2 adm Nxlog ✓ 8 years ago

#1 emve

Hi, I have installed NXLog on Windows server 2003 with this configuration (example from NXLog reference manual) <Input in> # Module im_msvistalog # For windows 2003 and earlier use the following: Module im_mseventlog Query <QueryList> <Query Id="0"> <Select Path="Security">*</Select> </Query> </Querylist> </Input> I received "ERROR invalid keyword: Query" in nxlog.log : 2015-11-27 10:57:38 ERROR invalid keyword: Query at C:\Program Files\nxlog\conf\nxlog.conf:21 This configuration is working fine with "Module im_msvistalog" on Windows Server 2008 and later. (http://www.developpez.net/forums/d1545842/systemes/windows/windows-serveur/solution-nxlog-graylog/) How can I fix this problem ? Thank you,

The XML Query cannot be used by im_mseventlog, see the Sources directive that is applicable here. For more sophisticated filtering you can still use drop() conditionally within the Exec directive as in any other module.