creating a query for Hyper-V
Hello,
I would like to forward logs generated by HypErV.
In event viewer they are in Applications and Services logs -> Microsoft -> Windows -> Hyper-V-*
I tried to add a query in the input configuration but I didn't manage to find the correct path to configure.
I tried several path but each time I have an error "the channel was not found "
Query <QueryList> \
<Query Id="0"> \
<Select Path="Security">*</Select> \
<Select Path="Hyper-V-logs">*</Select> \
</Query> \
</QueryList>
</Input>
What should I put instead of Hyper-V-logs to send hyperV logs?
Can someone help me?
Regards,
Hello,
I would like to forward logs generated by HypErV.
In event viewer they are in Applications and Services logs -> Microsoft -> Windows -> Hyper-V-*
I tried to add a query in the input configuration but I didn't manage to find the correct path to configure.
I tried several path but each time I have an error "the channel was not found "
Query <QueryList> \
<Query Id="0"> \
<Select Path="Security">*</Select> \
<Select Path="Hyper-V-logs">*</Select> \
</Query> \
</QueryList>
</Input>
What should I put instead of Hyper-V-logs to send hyperV logs?
Can someone help me?
Regards,
You can just copy-paste the XML query from event viewer into <QueryXML> and it should work.
See https://blogs.technet.microsoft.com/askds/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer/ and https://nxlog.co/documentation/nxlog-user-guide#windows-eventlog
