I'm using NXLog to sending Windows events and IIS logs to Loggly. We've recently onboarded a new MSSP and they have asked us to check off all IIS logging fields. This seems to break parsing of IIS logs that need to be sent to Loggly. I've contact Loggly support and they can't seem to come to a resolution.
Below is the code that we had been using for Loggly previously.
I am having no luck with a simple parsing of EVT log files.
Is there an easy way to read in EVT (Binary Log files) and output them in Syslog Format?
This is the config file I am using: (I Used python evtx to extract into text XML) However that yields XML attributes which apparently are not parse-able.
Problem Set:
Give 3 files (System.evt, Application.evt, and Security.EVT) parse the EVT format into Syslog_BSD(or IETF) formats.
I've seen some posts from about a year ago that NXLog is unable to parse attributes using xm_xml, I just wanted to check if this is still true?
I am running NXLog as a service on Windows machines and want to be able to parse the following message, is it possible?
