Let's Talk
Let's Talk

For im_wseventing , fields Task and Category seemed to be messed up.

Tags:
#1 TD_609646

Take for example event 4624, with output as JSON to kafka, there is a JSON field in im_msvistalog:

"Category":"Logon",
...
"Task":12544,

Now, looking at an event 4624 collected via im_wseventing, the JSON looks like this:

"Task":"Logon"

Note: Field Category is missing! As "Task" contains the category, in reality, the Task is missing here..

Please fix that for the WEC collector.

Best regards Theo

Permalink
#2 rafDeactivated Nxlog ✓
#1 TD_609646
Take for example event 4624, with output as JSON to kafka, there is a JSON field in im_msvistalog: "Category":"Logon", ... "Task":12544, Now, looking at an event 4624 collected via im_wseventing, the JSON looks like this: "Task":"Logon" Note: Field Category is missing! As "Task" contains the category, in reality, the Task is missing here.. Please fix that for the WEC collector. Best regards Theo

Hi Theo,

First - please, try to keep one topic in a single thread - otherwise, we will get messy really quickly. You can always edit/add content to your existing thread.

Which NXLog version do you use?
Could you share your conf?

Best regards,
Rafal
Login to see more