Hi,

I have installed NXLog on Windows Server 2003 with this configuration (example from the NXLog reference manual):

<Input in>
    # Module      im_msvistalog
    # For Windows 2003 and earlier use the following:
    Module      im_mseventlog
    Query <QueryList> <Query Id="0"> <Select Path="Security">*</Select> </Query> </QueryList>
</Input>

I received "ERROR invalid keyword: Query" in nxlog.log :

2015-11-27 10:57:38 ERROR invalid keyword: Query at C:\Program Files\nxlog\conf\nxlog.conf:21

This configuration is working fine with "Module      im_msvistalog" on Windows Server 2008 and later.

(http://www.developpez.net/forums/d1545842/systemes/windows/windows-serveur/solution-nxlog-graylog/)

How can I fix this problem?

 

Thank you,

 

Asked November 27, 2015 - 11:19am

Answer (1)

The XML Query cannot be used by im_mseventlog; see the Sources directive, which is applicable here. For more sophisticated filtering you can still use drop() conditionally within the Exec directive, as in any other module.
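
An added example, not part of the original answer or taken from the NXLog manual, of the input block rewritten along the lines the answer describes: Sources selects the Security log in place of the XML Query, and Exec with drop() does the finer filtering. The event IDs kept here (528, 529 and 540, the Windows Server 2003 logon success, logon failure and network logon events) are an assumed selection for illustration.

```conf
<Input in>
    # Windows Server 2003 and earlier: im_mseventlog does not accept Query
    Module      im_mseventlog

    # Read only the Security event log (replaces <Select Path="Security">)
    Sources     Security

    # Assumed filter for illustration: keep logon events, discard the rest
    Exec        if not ($EventID == 528 or $EventID == 529 or $EventID == 540) drop();
</Input>
```

Remove the Exec line to forward every Security event, which matches the `*` selector in the original query.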