Using im_msvistalog to read from .evtx files directly
#1
okamalo
I am trying out the enterprise edition and could not find documentation for reading event logs directly from an .evtx file only. Can anyone help with a sample config?
See the NXLog Enterprise Edition Reference Manual that's bundled with the installer.
Basically you will need the following instead of Query:
File C:\Windows\System32\winevt\Logs\System.evtx
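A complete configuration built around that File line, as an added example that is not part of the original reply or the NXLog manual. The instance names, the output path C:\logs\system_evtx.json, and the choice of JSON output are assumptions; only the File path comes from the thread.

```conf
# Added example, not from the thread: read records from an .evtx file
# with im_msvistalog (NXLog Enterprise Edition) and write them as JSON.

<Extension json>
    Module        xm_json
</Extension>

<Input evtx_file>
    Module        im_msvistalog
    # File replaces Query: the module reads this file
    # instead of subscribing to a live event log channel.
    # The path is written unquoted, as in the reply above.
    File          C:\Windows\System32\winevt\Logs\System.evtx
    # Assumption: start at the oldest record so that events
    # already in the file are collected, not only new ones.
    ReadFromLast  FALSE
</Input>

<Output json_out>
    Module        om_file
    # Assumed output location; the directory must already exist.
    File          'C:\logs\system_evtx.json'
    # Serialize each parsed event record as one JSON line.
    Exec          to_json();
</Output>

<Route evtx_to_json>
    Path          evtx_file => json_out
</Route>
```

For triage of an exported log, point File at a copy of the .evtx file so the evidence file itself is left untouched.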