Community Forum

Post a question
2
responses

For im_wseventing , fields Task and Category seemed to be messed up.

Take for example event 4624, with output as JSON to kafka, there is a JSON field in im_msvistalog:

"Category":"Logon",
...
"Task":12544,

Now, looking at an event 4624 collected via im_wseventing, the JSON looks like this:

"Task":"Logon"

Note: Field Category is missing! As "Task" contains the category, in reality, the Task is missing here..

Please fix that for the WEC collector.

AskedNovember 23, 2020 - 8:15pm
0
responses

Missing parent/creator process id for event 4688 with im_wseventing

For event 4688 I can only extract the parent process id out of the message body but there is no field in JSON containing only the parent process id. In im_msvistalog this field is properly added to JSON. Example in im_wseventing:

AskedNovember 23, 2020 - 8:06pm
2
responses

Windows Server 2016 NXLOG service keep on stopping every few days

When I check the Windows "Services", it is running, but the logs are not transferred.
After restarting the service, it works fine for a few days. After a few days, the logs will not be transferred.
I think that "★" is because the transfer destination server is temporarily offline.
If I can't connect even once, can I connect after that?

AskedNovember 20, 2020 - 3:17am
0
responses

Specify "Template Type" selection seems to be missing.

Hello everyone. I'm new to NXLog but I'm glad to be here and to learn.

We have the Enterprise edition and I'm trying to work out how the template structure works. The user doc (135.3. Creating Templates) references the image below. Add agent template

AskedNovember 19, 2020 - 9:51pm

Pages