Windows 10 11 Server 2022 nxlog community edition missing events in syslog
Hello
I started central logging with nxlog community edition on Windows.
Most of it works fine.
Finding a working nxlog.conf for Graylog took a lot of hours,
so I hope to find better help here in the community forum.
However, several events are missing in syslog,
for example
Dns Client Events Event ID 1014
AppCrash Outlook Exe Event ID 1001
At the moment I need to send all Windows events to the Graylog syslog server.
Can you give me an example config file for logging all Windows events?
thanks
my config file
++++++++++
# Global NXLog directives: installation paths, the agent's own log file,
# and the working directories used at runtime.
Panic Soft
#NoFreeOnExit TRUE
define ROOT C:\Program Files\nxlog
# NOTE(review): CERTDIR is defined but nothing in the visible part of this
# file references it; the output further down uses no certificates.
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf\nxlog.d
define LOGDIR %ROOT%\data
# define Application Crash Events
# NOTE(review): AppCrashes is not referenced in the visible part of this
# file, so it does not filter or select anything here; an included file
# may use it.
define AppCrashes 1000, 1001, 1002
# Every *.conf file in %CONFDIR% is merged into this configuration, so
# write access to that directory should be restricted to administrators.
# When troubleshooting missing events, check these files too: they can add
# inputs, filters or routes that are not visible here.
include %CONFDIR%\\*.conf
# NXLog's own diagnostic log; check it for connection or query errors
# when events do not arrive at the collector.
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
# Extension modules loaded by the agent.
# NOTE(review): the visible output uses GELF, not a syslog writer, so
# xm_syslog appears unused here; an included file may rely on it.
<Extension _syslog>
Module xm_syslog
</Extension>
# Character set conversion support.
<Extension _charconv>
Module xm_charconv
AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>
# NOTE(review): xm_exec lets the configuration run external programs and is
# not used in the visible part of this file. If no included file needs it,
# removing it reduces what a modified config could do.
<Extension _exec>
Module xm_exec
</Extension>
# File operations, used below to rotate NXLog's own log file.
<Extension _fileop>
Module xm_fileop
# Check the size of our log file hourly, rotate if larger than 5MB
<Schedule>
Every 1 hour
Exec if (file_exists('%LOGFILE%') and \
(file_size('%LOGFILE%') >= 5M)) \
file_cycle('%LOGFILE%', 8);
</Schedule>
# Rotate our log file every week on Sunday at midnight
<Schedule>
When @weekly
Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
</Schedule>
</Extension>
# Provides the GELF output writers used by the graylog output.
<Extension _gelf>
Module xm_gelf
</Extension>
# Reads Windows Event Log records through im_msvistalog.
# The query subscribes to exactly three channels: Application, System and
# Security. Events written to any other channel (for example the
# "Applications and Services Logs" operational channels) are not collected.
# NOTE(review): for each missing event, confirm in Event Viewer which
# channel it is actually logged in. If it is in one of these three
# channels, the loss is more likely downstream (see the output) than in
# this query.
<Input win>
Module im_msvistalog
Query <QueryList>\
<Query Id="0">\
<Select Path="Application">*</Select>\
<Select Path="System">*</Select>\
<Select Path="Security">*</Select>\
</Query>\
</QueryList>
</Input>
# Ships events to the Graylog host as GELF over a plain TCP connection.
# NOTE(review): om_tcp is unencrypted and unauthenticated, and this route
# carries the Security channel (logon and privilege events). If the Graylog
# input supports TLS, om_ssl with a CA file under %CERTDIR% protects the
# stream and verifies the collector's identity.
# NOTE(review): xm_gelf also provides a GELF_TCP writer meant for
# om_tcp/om_ssl, while plain GELF is the UDP variant. Confirm that the
# writer matches the Graylog input type, because a framing mismatch can
# cause messages to be dropped on the receiving side.
<Output graylog>
Module om_tcp
Host syslog.geodata.local
Port 3515
OutputType GELF
</Output>
# Forwards everything read by the 'win' input to the 'graylog' output.
# No processor or filter sits in between in this route.
<Route graylog_route>
Path win => graylog
</Route>