
NXLog IM_MSVistaLog module collects the Rendered Event log rather than the raw XML Windows Event Log.  

Is there a configuration option in the NXLog agent or IMVistaLog module to enable collecting the original Windows XML Event Log rather than the Rendered Event Log?

Best Regards,

Chris

 

Edit: Think I worked this out. Appears to collect the XML data but also the rendered log field. This would lead questions to be:

1) Can you disable or filter out the Message field? It's not needed.

2) Can you collect the Windows Event Log fields in the order they're written, e.g., the Provider field? From testing, the Provider field is renamed as Sourcename and collected out of order from the original Windows Event Log.

Reason for the above is that I have multiple upstream systems that require the original log format, and hence I am testing the viability of using NXLog to retrieve Windows Event Logs.

Asked June 14, 2017 - 10:32pm

Answer (1)

1)  Exec delete($Message);

2) Currently the rendered XML is parsed and this original XML is not retained. Perhaps an option could be implemented that allows doing that.

Comments (2)

  • b0ti (NXLog)

    Yes, we have implemented it in the NXLog Enterprise Edition and the feature is scheduled for the next v4.2 release. I don't have any information when this would be added back to the NXLog Community Edition.
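
A minimal nxlog.conf showing where the Exec delete($Message); line from the answer goes, with a JSON file output so the result can be checked for the absence of the Message field. This is an added example, not part of the original thread; the instance names (eventlog, out, r) and the output path are assumptions.

```apache
# Added example; instance names and the output path are assumptions.

# xm_json provides to_json(), used below to serialise the remaining fields.
<Extension json>
    Module  xm_json
</Extension>

<Input eventlog>
    Module  im_msvistalog
    # Drop the rendered Message field from every event before it is routed.
    # The other parsed fields (e.g. $SourceName, $EventID) are left intact.
    Exec    delete($Message);
</Input>

<Output out>
    Module  om_file
    # Assumed path; any writable location works.
    File    'C:\logs\eventlog.json'
    # Write each event as one JSON object per line. The Message key
    # should no longer appear in the output.
    Exec    to_json();
</Output>

<Route r>
    Path    eventlog => out
</Route>
```

This only removes the rendered Message field. As the answer states, the original XML is not retained, so field names and ordering still follow NXLog's parsed fields rather than the original event.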