There is no detailed description of the use of the xm_filelist module in the manual.
I made a configuration based on the guide https://nxlog.co/question/4095/drop-win-event-message-based-text-file-content, but it does not work.
Help me: why does the configuration not work?

<Extension Testlist>
    Module        xm_filelist
    File          "c:\logs\List\Testlist.txt"
    CheckInterval 600
</Extension>

<Input in_ForwardedEvents>
    Module       im_msvistalog
    ReadFromLast False
    SavePos      True
    ResolveSID   False
    PollInterval 5
    <QueryXML>
        <QueryList>
            <Query Id="0" Path="Security">
                <Select Path="Security">*[System[(EventID=4624)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Processor proc_list>
    Module pm_transformer
    <Exec>
        if Testlist->contains($TargetUserName,$true) $rule = "rule1";
    </Exec>
</Processor>

<Output out_file_raw>
    exec      to_json();
    Module    om_file
    CreateDir TRUE
    File      'c:\\logs\\test.log'
</Output>

<Route rout_file>
    Path in_ForwardedEvents => proc_list => out_file_raw
</Route>

Give an example configuration using the xm_filelist module.

Asked October 28, 2019 - 4:53pm

Answer (1)