Hi folks,

I am trying to capture analytics and debug logs on Windows Server 2012 R2. The logs are under Applications and Services Logs, and the log path is Microsoft-Windows-DNSServer/Analytical.

When I enable it, I get the following error:

2018-09-19 16:52:23 ERROR failed to subscribe to msvistalog events using bookmark: The caller is trying to subscribe to a direct channel which is not allowed. The events for a direct channel go directly to a logfile and cannot be subscribed to.
2018-09-19 16:52:23 ERROR failed to subscribe to msvistalog events,the Query is invalid: [error code: 50]

I have tried a few methods, but none of them are working.

Any idea how we can capture Windows debug and analytics logs using NXLog?

Asked September 19, 2018 - 11:12am

Answer (1)

Debug and Analytical channels are based on ETW and cannot be collected via im_msvistalog. See the note in the documentation.

The im_etw module provides support for Event Tracing logs.

See the Windows DNS Server section in the user guide for more details on how to collect ETW data from the Windows DNS Server.
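
A minimal NXLog configuration following the answer above, added here as an illustration and not taken from the original thread or the NXLog user guide: it reads the DNS Server provider through im_etw instead of subscribing to the Analytical channel with im_msvistalog. The instance names, the JSON output and the output file path are assumptions.

```apache
# Constructed example; instance names and the output path are assumptions.

<Extension _json>
    Module      xm_json
</Extension>

# Not usable for this log: Microsoft-Windows-DNSServer/Analytical is a direct
# (ETW) channel, so an im_msvistalog subscription fails with the
# "direct channel" error quoted in the question.
#<Input dns_eventlog>
#    Module      im_msvistalog
#    Channel     Microsoft-Windows-DNSServer/Analytical
#</Input>

# Collect the same events straight from the ETW provider instead.
<Input dns_etw>
    Module      im_etw
    Provider    Microsoft-Windows-DNSServer
</Input>

# Write each event as one JSON object per line (assumed destination).
<Output dns_file>
    Module      om_file
    File        'C:\logs\dns-analytical.json'
    Exec        to_json();
</Output>

<Route dns>
    Path        dns_etw => dns_file
</Route>
```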