Forwarding windows logs changes priority


#1 kenneth.karlsson

Here at ABB Facts we have been using the SolarWinds forwarding client with Kiwi, but the client is showing its age and no longer works properly.

I have set up nxlog as a replacement forwarder and it works fine, but the priority is now set to Debug on all the Windows events instead of Notice or Info as it was with the SolarWinds forwarder.

My conf file is very simple and shouldn't cause this problem. I have searched for a solution but without any luck.

Here is my conf file:

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension syslog>
    Module xm_syslog
</Extension>

<Input internal>
    Module im_internal
</Input>

<Input eventlog>
    Module im_msvistalog
    Query <QueryList>\
              <Query Id="0">\
                  <Select Path="System"></Select>\
                  <Select Path="Security"></Select>\
              </Query>\
          </QueryList>
</Input>

<Output out>
    Module om_udp
    Host 10.250.254.19
    Port 514
</Output>

#3 b0ti Nxlog ✓

Assuming you want to send Syslog, see the Generating Syslog section in the User Guide. See e.g. Example 359. Forwarding BSD Syslog via UDP. Basically you'll need to add Exec to_syslog_bsd();.

To override the default severity and set it to INFO, use $SyslogSeverityValue = 6;
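
The two changes from the answer above, applied to the configuration from the question. This is an added example, not part of the original posts. The Route block and the placement of the Exec lines are assumptions, since the posted configuration shows neither.

```conf
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

# xm_syslog provides to_syslog_bsd()
<Extension syslog>
    Module xm_syslog
</Extension>

<Input internal>
    Module im_internal
</Input>

<Input eventlog>
    Module im_msvistalog
    Query <QueryList>\
              <Query Id="0">\
                  <Select Path="System"></Select>\
                  <Select Path="Security"></Select>\
              </Query>\
          </QueryList>
    # Override the severity for Windows events only (6 = INFO),
    # so nxlog's own internal messages are not affected.
    Exec $SyslogSeverityValue = 6;
</Input>

<Output out>
    Module om_udp
    Host 10.250.254.19
    Port 514
    # Build a BSD Syslog message, including the <PRI> header,
    # from the event fields before it is sent.
    Exec to_syslog_bsd();
</Output>

# Assumed route: both inputs go to the UDP output.
<Route 1>
    Path eventlog, internal => out
</Route>
```

A fixed value of 6 flattens every Windows event to INFO, so any alerting on the receiver that keys on syslog severity will no longer distinguish errors from routine events.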