Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.
Getting the correct select path setup
rd237 created
I am wanting to see if this is possiable to put in a line for Input event log.
<Input eventlog>
Module im_msvistalog
SavePos FALSE
ReadFromLast TRUE
Query <QueryList>\
<Query Id="0">\
<Select Path="System">*[System[(EventID=22 or EventID=1076 or EventID=6005 or EventID=6006)]] and *[System/Level=2]</Select>\
</Query>\
</QueryList>
</Input>
Can i have this line in the select path along with just detecting event logs? I also want to monitor all Error messages.
*[System/Level=2]
rd237 created
NXLog on Windows server 2003 (im_mseventlog) invalid keyword: Query problem
emve created
Hi,
I have installed NXLog on Windows server 2003 with this configuration (example from NXLog reference manual)
<Input in>
# Module im_msvistalog
# For windows 2003 and earlier use the following:
Module im_mseventlog
Query <QueryList> <Query Id="0"> <Select Path="Security">*</Select> </Query> </Querylist>
</Input>
I received "ERROR invalid keyword: Query" in nxlog.log :
2015-11-27 10:57:38 ERROR invalid keyword: Query at C:\Program Files\nxlog\conf\nxlog.conf:21
This configuration is working fine with "Module im_msvistalog" on Windows Server 2008 and later.
(http://www.developpez.net/forums/d1545842/systemes/windows/windows-serveur/solution-nxlog-graylog/)
How can I fix this problem ?
Thank you,
emve created
