how to Perform Windows NXLog.conf
Hello,
I do admit I am totally lost about NXLog.conf for Windows 2K12 R2 machines.
The purpose is to filter some EventIDs from Security Event Log, for that I tried the below nslog.conf :
<Extension _syslog>
Module xm_syslog
</Extension>
<Input>
Module im_msvistalog
# For windows 2003 and earlier use the following:
# Module im_mseventlog
Exec if ($EventID == 4634 or $EventID == 4624 or $EventID == 4672 or $EventID == 4801 or $EventID == 64 or $EventID == 7036 or $EventID == 7040) drop();\
else\
{\
parse_syslog_ietf();\
$Message = $FileName + ": " + $Message;\
$SyslogFacility = syslog_facility_string(22);\
$SyslogFacilityValue = syslog_facility_value("local6");\
if ( $EventType == "INFO" ) $SyslogSeverityValue = 6;\
if ( $EventType == "WARNING" ) $SyslogSeverityValue = 4;\
if ( $EventType == "ERROR" ) $SyslogSeverityValue = 3;\
}
</Input>
<Output out>
Module om_udp
Host 10.1.1.39
Port 1514
Exec to_syslog_snare();
</Output>
<Route 1>
Path internal, eventlog => out
</Route>
Unfortunately despite the host and port are well set it doesn't work, and I also have these messages from nxlog.log :
xxxxxx WARNING no routes defined!
xxxxxx WARNING not starting unused module out
I would really appreciate any help