I am trying to forward Windows 2016 event logs to a RHEL 7 syslog collector, on the community edition. I am not receiving any logs at the collector. I know that this is not a network issue as syslog generator tools (such as Kiwi) are working. Current config is below:
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
<Select Path="Security">*[System[(EventID=4624 or EventID=4634 or EventID=4656 or EventID=4659 or EventID=4662 or EventID=4663 or EventID=4672 or EventID=4676 or EventID=6272 or EventID=6278)]]</Select>\
Path in => out
Any pointers as to where I'm going wrong? Ideally I would like to send all Windows Event logs, not just the IDs listed above.