Windows event ID not forwarded and problem with control characters

#1 ryssland

Hi. I am having an issue with forwarding event logs from a centralized server to an rsyslog and indexed in Splunk. The logs are forwarded, but the Event ID (the most important part) is missing. I am also having an issue with control characters on , this however could be blamed on rsyslog, but as I understand it, the issue with control characters could be solved in the NXLog config.

Anyone care to give me a nudge in the correct way here?

//Thx

#2 ryssland

Probably an issue with rsyslog all the way, I guess, as it does work on a standalone Win10 machine forwarding to Visual Syslog. Could there be a problem with a Windows Server setting as well?