Windows eventlog problem with eventdata withing tag
Tags:
#1
hgoalv
Hello,
I have a windows app that send errors to windows eventlog and I need monitoring this. The event structure is this:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System> <Provider Name="AppName" /> <EventID Qualifiers="16384">1</EventID> <Level>4</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2019-08-02T10:43:01.000000000Z" /> <EventRecordID>91524</EventRecordID> <Channel>Application</Channel> <Computer>server.domain.es</Computer> <Security /> </System>
- <EventData> <Data>Full description error</Data> </EventData> </Event>
The problem is that when I send this event to Graylog for monitoring, I can't see the contain of EventData that its the most important. I'm reading that there are some problems with data without named.
Is there any solution?
Thanks
#1
hgoalv
Hello,
I have a windows app that send errors to windows eventlog and I need monitoring this. The event structure is this:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="AppName" />
<EventID Qualifiers="16384">1</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-08-02T10:43:01.000000000Z" />
<EventRecordID>91524</EventRecordID>
<Channel>Application</Channel>
<Computer>server.domain.es</Computer>
<Security />
</System>
<EventData>
<Data>Full description error</Data>
</EventData>
</Event>
The problem is that when I send this event to Graylog for monitoring, I can't see the contain of EventData that its the most important. I'm reading that there are some problems with data without named.
Is there any solution?
Thanks
The NXLog Enterprise Edition saves this in the $EventData field. AFAIK the NXLog CE does not do this yet.
