Import .evt files | Log collection solutions

#1 Deleted user 7 years ago

Hello,

Is there a way to import .evt files with nxlog? Using im_file doesn't throw errors, but data doesnt seem to ship.

I also tried using:

module im_mseventlog file "file_path"

but that didn't work either.

Thanks for your help.

Permalink

#2 Zhengshi Nxlog ✓ 7 years ago

#1 Deleted user

Hello,

Is there a way to import .evt files with nxlog? Using im_file doesn't throw errors, but data doesnt seem to ship.

I also tried using:

module im_mseventlog file "file_path"

but that didn't work either.

Thanks for your help.

Please see the [manual](https://nxlog.co/documentation/nxlog-user-guide#im_msvistalog_config) for descriptions of the directives. Note that in this example I have everything in the default locations. To find the event log files, right click on the logs inside of EventLog and choose properties. For `System`, this gave me `%SystemRoot%\System32\Winevt\Logs\System.evtx` Module im_msvistalog File C:\Windows\System32\winevt\Logs\system.evtx Module om_file File "C:\Windows\Temp\evt.log" Exec to_json(); If this is not working for you, it is possible that the path is incorrect or there is something else going on. In the case of errors, `nxlog.log` should produce something to go off of, or running the service from command line with `nxlog -f` after stopping the service `sc stop nxlog`.