I do admit I am totally lost about NXLog.conf for Windows 2K12 R2 machines.
The purpose is to filter some EventIDs from Security Event Log, for that I tried the below nslog.conf :
# For windows 2003 and earlier use the following:
# Module im_mseventlog
Exec if ($EventID == 4634 or $EventID == 4624 or $EventID == 4672 or $EventID == 4801 or $EventID == 64 or $EventID == 7036 or $EventID == 7040) drop();\
$Message = $FileName + ": " + $Message;\
$SyslogFacility = syslog_facility_string(22);\
$SyslogFacilityValue = syslog_facility_value("local6");\
if ( $EventType == "INFO" ) $SyslogSeverityValue = 6;\
if ( $EventType == "WARNING" ) $SyslogSeverityValue = 4;\
if ( $EventType == "ERROR" ) $SyslogSeverityValue = 3;\
Path internal, eventlog => out
Unfortunately despite the host and port are well set it doesn't work, and I also have these messages from nxlog.log :
xxxxxx WARNING no routes defined!
xxxxxx WARNING not starting unused module out
I would really appreciate any help