Update required of a specific Windows EventID
Hi,
Doing my first steps with NXlog.
I have managed to collect all "Security" Windows event log entries and also managed to update the "Version" parameter to my own value, just for test purposes.
Now I need to perform 3 tasks
- Collect all "Security" Windows event log entries - Done
- Update the "Version" parameter from int to string - Done
- Update the "Hostname" parameter of a specific event ID (for example EventID 4656) to "test" - Please advise
Thank you
<Input eventlog>
Module im_msvistalog
<QueryXML>
<QueryList>
<Query Id='0'>
<Select Path='Security'>*</Select>
</Query>
</QueryList>
</QueryXML>
<Exec>
$Hostname = "test" ; # This task should be only for eventID 4656
$Version = string($Version);
to_json();
</Exec>
</Input>
Hi,
Welcome to the party :)
NXLog's configuration language supports conditional statements. The configuration below is adapted to your request.
<Input eventlog>
Module im_msvistalog
<QueryXML>
<QueryList>
<Query Id='0'>
<Select Path='Security'>*</Select>
</Query>
</QueryList>
</QueryXML>
<Exec>
if $EventID = 4656 {
$Hostname = "test" ; # This task should be only for eventID 4656
}
$Version = string($Version);
to_json();
</Exec>
</Input>
You can use the corresponding part of the documentation I linked under Resources to learn more.
Resources:
https://docs.nxlog.co/ce/current/index.html#lang_statement_if
Gabor
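The same conditional pattern generalizes to several event IDs and to `else if` branches. The configuration below is an added example, not part of the original thread or of NXLog's own documentation; the `$OriginalHostname` field name and the output file path are assumptions, and keeping a copy of the original hostname is included so the rewrite does not destroy the source host information an analyst may later need.

```apacheconf
<Input eventlog>
    Module      im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id='0'>
                <Select Path='Security'>*</Select>
            </Query>
        </QueryList>
    </QueryXML>
    <Exec>
        # Rewrite Hostname only for the object-access audit events 4656 and 4663.
        # The original value is preserved in an assumed extra field first.
        if $EventID == 4656 or $EventID == 4663
        {
            $OriginalHostname = $Hostname;
            $Hostname = "test";
        }
        # A second branch shows how further event IDs get their own handling.
        else if $EventID == 4624
        {
            $OriginalHostname = $Hostname;
            $Hostname = "logon-host";
        }
        # Applies to every event regardless of ID, as in the original answer.
        $Version = string($Version);
        to_json();
    </Exec>
</Input>

<Output file>
    Module      om_file
    # Placeholder path; replace with the real destination.
    File        "C:\\nxlog\\data\\security.json"
</Output>

<Route eventlog_to_file>
    Path        eventlog => file
</Route>
```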