Hi,
I have found a number of items on collecting logs from CloudWatch, but none on forwarding events to CloudWatch? I think we would need those App Keys we generate etc.
Anyone have any information on this or better yet - a CloudWatch Forwarder Template.
My thanks,
MG
Take for example event 4624, with output as JSON to kafka, there is a JSON field in im_msvistalog:
"Category":"Logon",
...
"Task":12544,
Now, looking at an event 4624 collected via im_wseventing, the JSON looks like this:
"Task":"Logon"
Note: Field Category is missing! As "Task" contains the category, in reality, the Task is missing here..
Please fix that for the WEC collector.
For event 4688 I can only extract the parent process id out of the message body but there is no field in JSON containing only the parent process id. In im_msvistalog this field is properly added to JSON. Example in im_wseventing:
When I check the Windows "Services", it is running, but the logs are not transferred.
After restarting the service, it works fine for a few days. After a few days, the logs will not be transferred.
I think that "★" is because the transfer destination server is temporarily offline.
If I can't connect even once, can I connect after that?
Hello everyone. I'm new to NXLog but I'm glad to be here and to learn.
We have the Enterprise edition and I'm trying to work out how the template structure works. The user doc (135.3. Creating Templates) references the image below.
