Not Fetching "System" log filter by Event ID
Tags:
System
#1
chirag_darji
Hello. My query is i am trying to fetch "System Event log" from the windows 10 using below input. but problem is the system log is not fetching and putting the file by NXLOG. else i have tried to fetch "Application log" Using below method but that time log is fetching and working. but only "system" log can't fetch. <Input eventlog> Module im_msvistalog SavePos TRUE <QueryXML> <QueryList> <Query Id="0"> <Select Path="System">*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0) and (EventID=3 or EventID=20)]]</Select> </Query> </QueryList> </QueryXML> Exec to_json(); </Input>
#1
chirag_darji
Hello.
My query is i am trying to fetch "System Event log" from the windows 10 using below input. but problem is the system log is not fetching and putting the file by NXLOG. else i have tried to fetch "Application log" Using below method but that time log is fetching and working. but only "system" log can't fetch.
<Input eventlog>
Module im_msvistalog
SavePos TRUE
<QueryXML>
<QueryList>
<Query Id="0">
<Select Path="System">*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0) and (EventID=3 or EventID=20)]]</Select>
</Query>
</QueryList>
</QueryXML>
Exec to_json();
</Input>
Hello Sir,
Can you try the following option?
<Select Path="System">*</Select>
Sincerely Klevin
