NXLog Enterprise and EVTX (eventlog) files
micsnare
Hello all,
I'm currently running NXLog Enterprise in version nxlog-4.0.3550-x64 with the following config:
<Input eventlog>
    Module im_msvistalog
    File C:\logs\Security.evtx
</Input>
<Input application>
    Module im_msvistalog
    File C:\logs\Application.evtx
</Input>
Trying to read in from 2 local evtx files. In the nxlog.log I see the following error:
2019-01-21 14:34:33 ERROR ### ASSERTION FAILED at line 1945 in im_msvistalog.c/im_msvistalog_start(): "((nx_im_msvistalog_subscr_t **)(imconf->q_subs->elts))[imconf->q_subs->nelts-1]->query = imconf->_query" ###
2019-01-21 14:34:36 ERROR last message repeated 4 times
2019-01-21 14:34:36 ERROR ### ASSERTION FAILED at line 1945 in im_msvistalog.c/im_msvistalog_start(): "((nx_im_msvistalog_subscr_t **)(imconf->q_subs->elts))[imconf->q_subs->nelts-1]->query = imconf->_query" ###
Do you know what I'm doing wrong here?
From what I've read in the manual, the Enterprise Edition should be able to read evtx files.
Best regards, micsnare