nxlog evtx windows eventlog |

0
answers

JacobY

NXLog Enrichment

I'm attempting to enrich some Windows event logs with "ClientMachine" which needs to equal the hostname. I'm having issues with only some logs coming through with this enriched fields, and others do not contain the ClientMachine enrichment. My config is below. Any help would be greatly appreciated.

Panic Soft
define ROOT C:\Program Files\nxlog
#ModuleDir %ROOT%\modules
#CacheDir %ROOT%\data
#SpoolDir %ROOT%\data

nxlog evtx windows eventlog,

AskedAugust 28, 2019 - 11:38pm

2
answers

micsnare

NXLog Enterprise and EVTX (eventlog) files

Hello all,

I'm currently running NXLog Enterprise in Version nxlog-4.0.3550-x64 with the following config:

<Input eventlog>
Module  im_msvistalog
File    C:\logs\Security.evtx
</Input>

<Input application>
    Module  im_msvistalog
    File    C:\logs\Application.evtx
</Input>

Trying to read-in from 2 local evtx files. In the nxlog.log I see the following error:

nxlog evtx windows eventlog,

AskedJanuary 21, 2019 - 2:38pm

You are here

nxlog evtx windows eventlog

NXLog Enrichment

NXLog Enterprise and EVTX (eventlog) files