3
responses
responses
MatthGyver
Hi,
I'd like to collect windows additional logs to check error of synchronisation on users computer.
So, I activated "Synclog" with this command : "wevtutil.exe sl Microsoft-Windows-OfflineFiles/SyncLog /e:true /l:3"
I added this query in my nxlog configuration file : <Select Path="Microsoft-Windows-OfflineFiles/SyncLog">*</Select>
NXLog failed to start with this error :
ERROR failed to subscribe to msvistalog events,the Query is invalid: [error code: 50]
However my query seems valid, I've build it from XML query in custom view builder on the windows event manager.
If I delete this line in my configuration file I've no problem so my problem is here.
Have you an idea please ?
Thank you
Comments (2)
Thank you, I think it's Analytic log (in event viewer, the icon are the same)
Is there a solution to redirect windows event to another chanel ?
Analytic and Debug channels are in a different format emitted by ETW (Event Tracing for Windows). While Event Viewer is able to capture these events you cannot forward them for the same reason.
We have a new input module in the works for the NXLog Enterprise Edition (currently being beta tested) that is able to collect ETW data.