Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.
nxlog 4-99-4527 (evtx files)
micsnare created
hi all,
not sure if you can help me, but I recently installed the latest (beta) version of nxlog 4-99.4527 to test the multiple evtx files support.
my config looks like this:
<Input eventlog>
Module im_msvistalog
File "C:\Users\test\Desktop\logs\*.evtx"
</Input>
<Output file_from_eventlog>
Module om_file
File "C:\logs\evtx_new.log"
Exec to_json();
</Output>
while it perfectly outputs to the local file in JSON output :),
i still get the following error in the nxlog.log
2019-02-01 15:33:01 ERROR failed to query msvistalog events from file (C:\Users\test\Desktop\logs\Microsoft-Windows-SettingSyncOperational.evtx),[error code: 1287]; Zur Bestimmung der Fehlerursache stehen nicht genügend Informationen zur Verfügung.
I'm sorry that the error message is in german but roughly translated it means "Not enough information is available to determine the cause of the error."
any ideas what could cause this error?
many thanks in advance,
theresa
micsnare created