1
response

Hi,
I’m trying to configure the windows event forwarding from a Windows machine to the nxlog machine using the wseventing module and we want to use the http protocol on port 80.
The two machines are on the same domain, so with the kerberos already configured, but Nxlog gives me the following error:

2019-08-28 09:30:45 ERROR https is required for im_wseventing without kerberos support at C:\Program Files\nxlog\conf\nxlog.conf:156

this is the configuration of nxlog entered as described on the documentation:

<Input wseventing>
Module im_wseventing
Address http://nxlog.domain.cloud:80/wsman
ListenAddr 0.0.0.0
Port 80
SubscriptionName test
Exec log_info(to_json());
<QueryXML>
<QueryList>
<Query Id="0" Path="Application">
<Select Path="Application">*</Select>
<Select Path="Security">*</Select>
<Select Path="Setup">*</Select>
<Select Path="System">*</Select>
<Select Path="ForwardedEvents">*</Select>
<Select Path="Windows PowerShell">*</Select>
</Query>
</QueryList>
</QueryXML>
</Input>

Being both machines on the same domain, seems a strange mistake, do you have any ideas?

Thank you
Antonio

AskedAugust 28, 2019 - 10:53am

Answer (1)