Simple Question "What is wrong with my config?"


sillvana662

Config works without the <QueryXML> lines. When I add those lines it stops sending any data. I tested with user modification, login failure, etc.

Thanks for your help

<Extension syslog>
    Module xm_syslog
</Extension>

<Extension xml>
    Module xm_xml
</Extension>

<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0) and (EventID=1102 or EventID=4719 or EventID=4704 or EventID=4717 or EventID=4738 or EventID=4798 or EventID=4705 or EventID=4674 or EventID=4697 or EventID=4648 or EventID=4723 or EventID=4946 or EventID=4950 or EventID=6416 or EventID=6424 or EventID=4732)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
    Exec $Message = to_xml(); to_syslog_bsd();
</Input>

<Output tcp>
    Module om_tcp
    Host 127.0.0.1
    Port 514
</Output>

<Route eventlog_to_tcp>
    Path eventlog => tcp
</Route>