Let's Talk
Let's Talk

Windows event logging

Tags: windows events
#1 scotty

Forgive my ignorance but I'm looking to use NX Log to capture all windows events under System, Application and Security whether they be Audit, Info, error or critical. Am I correct in my assumption that with no filter's it should collect everything? <Select Path='Application'></Select> <Select Path='Security'></Select> <Select Path='System'></Select> or do I need to specify on single lines each severity level? for example: <Select Path='Application'>[System/Level=4]</Select> <Select Path='Application'>[System/Level=3]</Select> <Select Path='Application'>[System/Level=2]</Select>

and so on?

Permalink
#2 gahorvathDeactivated Nxlog ✓
#1 scotty

Forgive my ignorance but I'm looking to use NX Log to capture all windows events under System, Application and Security whether they be Audit, Info, error or critical. Am I correct in my assumption that with no filter's it should collect everything? <Select Path='Application'></Select> <Select Path='Security'></Select> <Select Path='System'></Select> or do I need to specify on single lines each severity level? for example: <Select Path='Application'>[System/Level=4]</Select> <Select Path='Application'>[System/Level=3]</Select> <Select Path='Application'>[System/Level=2]</Select>

and so on?
Hi Scotty, the module in the end is using the common event log APIs . You can even test your filter in eventviewer. [See here for an example](https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/advanced-xml-filtering-in-the-windows-event-viewer/ba-p/399761). The answer to your question is, yes, it should just work with ``` Module im_msvistalog * * * ``` Or w/o specifying a filter: ``` Module im_msvistalog ``` Gabor
Login to see more