Nxlog CE agent forwarding all Windows Events despite the query level filter

Hello everybody, I'm trying to filter Windows events log with severity/level only from warning to critical, so from level 1 to 3.

Unfortunately, I tried several configurations, but the agent is still forwarding all the events. Like if there were no filters.

My specifications are, Nxlog CE Agent (version 2.10.2102) on a Windows 10 64 bits build 1803 with this conf :

AskedDecember 6, 2018 - 3:22pm

Nxlog syntax for capturing Windows Event Viewer logs

Hello, I am using NXLOG to capture windows event viewer logs . I have below requirements
(1) Forward Event ID 4624 events
(2) Forward Event ID 4689 events only for a specific process name (say notepad.exe) . By default 4689 is common to many processes.

AskedFebruary 21, 2018 - 6:02pm

NXLog SeverityValue for Windows Events

When NXLog ships a Windows event, it appears to be changing the Windows original severity level, and replacing it with SeverityValue and Severity with different values.   What is the mapping of these values?  If Windows has severity values, with "Level" being 4 for Information, 3 for Warning, 2 for Error and 1 for Critical, what is the nxlog created SeverityValue?


Also, I couldn't find an explaination of why this value is changing.  

AskedMay 16, 2016 - 6:29pm