I have installed NXLog on Windows server 2003 with this configuration (example from NXLog reference manual)

<Input in>

#    Module      im_msvistalog

# For windows 2003 and earlier use the following:

Module      im_mseventlog

 Query <QueryList> <Query Id="0"> <Select Path="Security">*</Select> </Query> </Querylist>


I received "ERROR invalid keyword: Query" in nxlog.log :

2015-11-27 10:57:38 ERROR invalid keyword: Query at C:\Program Files\nxlog\conf\nxlog.conf:21

This configuration is working fine with "Module      im_msvistalog" on Windows Server 2008 and later.


How can I  fix this problem ?


Thank you,


AskedNovember 27, 2015 - 11:19am

Answer (1)

The XML Query cannot be used by im_mseventlog, see the Sources directive that is applicable here. For more sophisticated filtering you can still use drop() conditionally within the Exec directive as in any other module.