Request trial
Request Trial

For im_wseventing , fields Task and Category seemed to be messed up.

Tags:
#1 TD_609646

Take for example event 4624, with output as JSON to kafka, there is a JSON field in im_msvistalog:

"Category":"Logon",
...
"Task":12544,

Now, looking at an event 4624 collected via im_wseventing, the JSON looks like this:

"Task":"Logon"

Note: Field Category is missing! As "Task" contains the category, in reality, the Task is missing here..

Please fix that for the WEC collector.

Best regards Theo

Permalink
#2 rafDeactivated Nxlog ✓
#1 TD_609646
Take for example event 4624, with output as JSON to kafka, there is a JSON field in im_msvistalog: "Category":"Logon", ... "Task":12544, Now, looking at an event 4624 collected via im_wseventing, the JSON looks like this: "Task":"Logon" Note: Field Category is missing! As "Task" contains the category, in reality, the Task is missing here.. Please fix that for the WEC collector. Best regards Theo

Hi Theo,

First - please, try to keep one topic in a single thread - otherwise, we will get messy really quickly. You can always edit/add content to your existing thread.

Which NXLog version do you use?
Could you share your conf?

Best regards,
Rafal
Login to see more

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS