My working nxlog.conf relies on Query directives aimed at explicitly named Channels together with the im_msvistalog Module.
# Filter noise from IIS schema issues
Exec if ($Message =~ /Unable to find schema/) drop();
# Workaround for local time so as to standardize to absolute microseconds since epoch
Exec $EventTime = integer($EventTime);
# JSON is required because some Windows logs contain new-line characters.
Exec $Message = to_json();
Path blu_eventlog_iis => blu_out_eventlog_iis
I hoped to clean up some 15007 errors in the nxlog.log files included below:
2020-07-06 14:42:55 ERROR failed to subscribe to msvistalog events,the channel was not found [error code: 15007]; The specified channel could not be found.
I suspect the 15007 errors are being generated because IIS isn't set up. In other words, the named IIS Channels are queried but not found.
Is it possible to add an If/Else statement as part of those Query directives? Looking over the NXLog CE Manual, I only see If/Else statements used with Exec. Any guidance would be greatly appreciated!