Simple Question "What is wrong with my config?"
sillvana662 created
Config works without <QueryXML> lines.
When I add those lines, it stops sending any data.
I tested with user modification, login failure, etc.
Thanks for your help
<Extension syslog>
    Module xm_syslog
</Extension>

<Extension xml>
    Module xm_xml
</Extension>

<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0) and (EventID=1102 or EventID=4719 or EventID=4704 or EventID=4717 or EventID=4738 or EventID=4798 or EventID=4705 or EventID=4674 or EventID=4697 or EventID=4648 or EventID=4723 or EventID=4946 or EventID=4950 or EventID=6416 or EventID=6424 or EventID=4732)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
    Exec $Message = to_xml(); to_syslog_bsd();
</Input>

<Output tcp>
    Module om_tcp
    Host 127.0.0.1
    Port 514
</Output>

<Route eventlog_to_tcp>
    Path eventlog => tcp
</Route>