0 answers

NXLog Enrichment

I'm attempting to enrich some Windows event logs with "ClientMachine", which needs to equal the hostname. I'm having issues with only some logs coming through with these enriched fields, while others do not contain the ClientMachine enrichment. My config is below. Any help would be greatly appreciated.

Panic Soft
define ROOT C:\Program Files\nxlog
#ModuleDir %ROOT%\modules
#CacheDir %ROOT%\data
#SpoolDir %ROOT%\data

Asked August 28, 2019 - 11:38pm
2 answers
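The post above only shows the header of its nxlog.conf, so the input, output and route blocks that actually carry the enrichment are not on the page. The following is an added, self-contained configuration (not the poster's config, and not an official NXLog sample) that sets ClientMachine on every collected Windows event. The one design point worth checking against any real config: an Exec placed inside a single Input block only runs for events from that input, so if enrichment lives in one Input and a second Input feeds the same route, events from the second input arrive without the field. Putting the Exec in the Output (or in a Processor that every route passes through) guarantees all events get it. Assumptions made here: the output path C:\logs\enriched.json and the input/output/route names are illustrative; hostname() is NXLog's built-in short-hostname function (use hostname_fqdn() if the fully qualified name is wanted); im_msvistalog is Windows-only.

```nxlog
Panic Soft
define ROOT C:\Program Files\nxlog
ModuleDir %ROOT%\modules
CacheDir  %ROOT%\data
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# xm_json provides to_json() so the enriched field is visible in the output.
<Extension json>
    Module  xm_json
</Extension>

# Two live channel subscriptions, deliberately WITHOUT any Exec: neither input
# does its own enrichment, so nothing depends on which input an event came from.
<Input security>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Input application>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Application">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Enrichment happens here, in the Output. Every event from every input routed
# to this output passes through this Exec, so ClientMachine is set uniformly.
# (Illustrative output path; hostname() is NXLog's built-in short hostname.)
<Output out>
    Module  om_file
    File    'C:\logs\enriched.json'
    Exec    $ClientMachine = hostname(); to_json();
</Output>

<Route r>
    Path    security, application => out
</Route>
```

A quick way to verify the behaviour after a restart is to check that every line in the output file carries the field, for example by counting lines with and without the string "ClientMachine"; if the counts differ, look for an Input that bypasses the enriching Output through a second Route.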

NXLog Enterprise and EVTX (eventlog) files

Hello all,

I'm currently running NXLog Enterprise in Version nxlog-4.0.3550-x64 with the following config:

<Input eventlog>
    Module  im_msvistalog
    File    C:\logs\Security.evtx
</Input>

<Input application>
    Module  im_msvistalog
    File    C:\logs\Application.evtx
</Input>

I'm trying to read in from 2 local evtx files. In the nxlog.log I see the following error:

Asked January 21, 2019 - 2:38pm