Hello!
I noticed that the value of the ProcessID field in sysmon event does not match the value of the ProcessID field which is nested in the Message field. Is it normal?
The sample sysmon event from https://nxlog.co/documentation/nxlog-user-guide/sysmon.html is bellow
I want to send the window event log generated from the normal PC to the graylog.
My first plan was to install sysmon and send it to graylog, but I had difficulty with the transport part
So I got to know nxlog.
I need the Windows event log from sysmon, which is the Windows security log. Can I check this in nxlog?
Thank you for your guide.
And I want to know the difference between nxlog and sysmon log
The article on structured logging (https://nxlog.co/why-use-structured-logging) shows how you should use structured logging so that changes in log format is minimized. The example of the sysmon event, process creates, shows what I think is a bug in NXLog.
