Forward Windows event logs in Log collector Linux
Hi all,
I must send the event logs (only event IDs 4626 and 4625) to the Linux log collector. Can you help me with the configuration?
Thank you.
I'm attempting to enrich some Windows event logs with "ClientMachine", which needs to equal the hostname. I'm having issues with only some logs coming through with this enriched field, while others do not contain the ClientMachine enrichment. My config is below. Any help would be greatly appreciated.
Panic Soft
define ROOT C:\Program Files\nxlog
#ModuleDir %ROOT%\modules
#CacheDir %ROOT%\data
#SpoolDir %ROOT%\data
Hello all,
I'm currently running NXLog Enterprise in Version nxlog-4.0.3550-x64 with the following config:
<Input eventlog>
Module im_msvistalog
File C:\logs\Security.evtx
</Input>
<Input application>
Module im_msvistalog
File C:\logs\Application.evtx
</Input>
Trying to read-in from 2 local evtx files. In the nxlog.log I see the following error: