Request trial
Request Trial

Import .evt files

Tags:
#1 Deleted user

Hello,

Is there a way to import .evt files with nxlog? Using im_file doesn't throw errors, but data doesnt seem to ship.

I also tried using:

module im_mseventlog file "file_path"

but that didn't work either.

Thanks for your help.

Permalink
#2 Zhengshi Nxlog ✓
#1 Deleted user
Hello, Is there a way to import .evt files with nxlog? Using im_file doesn't throw errors, but data doesnt seem to ship. I also tried using: module im_mseventlog file "file_path" but that didn't work either. Thanks for your help.

Please see the manual for descriptions of the directives.
Note that in this example I have everything in the default locations.
To find the event log files, right click on the logs inside of EventLog and choose properties.
For System, this gave me %SystemRoot%\System32\Winevt\Logs\System.evtx

<Input eventlog>
    Module  im_msvistalog
    File    C:\Windows\System32\winevt\Logs\system.evtx
</Input>

<Output output>
    Module  om_file
    File    "C:\Windows\Temp\evt.log"
    Exec    to_json();
</Output>

If this is not working for you, it is possible that the path is incorrect or there is something else going on. In the case of errors, nxlog.log should produce something to go off of, or running the service from command line with nxlog -f after stopping the service sc stop nxlog.
Login to see more

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS