Hello,
I am evaluating NXLog using the Community Edition. I created an input as shown below to monitor certain Windows events and forward them via email. Everything is working as expected except that the $Message or $raw_event variables always return the word "true" instead of the actual details about the event. Is this a limitation of the CE or am I doing something else wrong? Many thanks in advance for your assistance.
<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0" Path="Application">
                <Select Path="Application">*[System[Provider[@Name='Symantec AntiVirus' or @Name='Symantec Network Protection']]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
    <Exec>
        exec("c:/utils/mailsend.exe", "-to", "info@****.com", "-body", $raw_event, "-subject", "Symantec EPP Alert");
    </Exec>
</Input>
Comments (3)
Thank you for your answer - you are absolutely right. However, changing my exec statement as follows...
exec("c:/utils/MailSend.exe", "-to", "info@****.com", "-body", '"'$raw_event'"', "-subject", "Symantec EPP Alert");
... results in:
ERROR Couldn't parse Exec block at C:\Program Files (x86)\nxlog\conf\nxlog.conf:60; couldn't parse statement at line 61, character 95 in C:\Program Files (x86)\nxlog\conf\nxlog.conf; syntax error, unexpected TOKEN_STRING, expecting )
'"' + $raw_event + '"'
vs
'"'$raw_event'"'
This has done the trick! Thank you very much.