QueryXML conditionally, based on what's installed on Windows server?
Hi all,
How do I divide my NxLog configuration file into conditionals based on queries? I have an nxlog.conf that doesn't apply equally to all hosts, and NxLog fails if it has to query something that doesn't exist on a Windows server.
I'd like to keep 1 nxlog.conf for all servers instead of having to maintain many confs for a variety of servers.
In psuedocode:
if [ exists Microsoft-Windows-TerminalServices ]
then
<query id="3">
<Select Path="Microsoft-Windows-TerminalServices-SessionBroker-Client/Operational">*</Select>
</query>
However I'm having a hard time translating a lot of the "if statements" I see to NxLog query formats.. anyone have any resources or tips to guide me?
Here's what I tried, obviously wrong, <Exec> cannot be in <QueryList>
<Exec>
if ($Channel == 'Microsoft-Windows-TerminalServices-SessionBroker/Operational')
<Query id="3">
<Select Path="Microsoft-Windows-TerminalServices-SessionBroker/Operational">*</Select>
</Query>
</Exec>
Also tried:
<Exec>
if ($Channel == 'Microsoft-Windows-TerminalServices-SessionBroker/Operational') \
<QueryXML> \
<QueryList> \
<Query id="3"> \
<Select Path="Microsoft-Windows-TerminalServices-SessionBroker/Operational">*</Select> \
</Query> \
</QueryList> \
</QueryXML>
</Exec>
</Input>
Thanks for your help.
There is a parameter than can help to achieve that, but it is only available in the Enterprise Edition:
TolerateQueryErrors This boolean directive specifies that im_msvistalog should ignore any invalid sources in the query. The default is FALSE: im_msvistalog will fail to start if any source is invalid
