For im_wseventing , fields Task and Category seemed to be messed up.
Take for example event 4624, with output as JSON to kafka, there is a JSON field in im_msvistalog:
"Category":"Logon",
...
"Task":12544,
Now, looking at an event 4624 collected via im_wseventing, the JSON looks like this:
"Task":"Logon"
Note: Field Category is missing! As "Task" contains the category, in reality, the Task is missing here..
Please fix that for the WEC collector.
Best regards Theo
Take for example event 4624, with output as JSON to kafka, there is a JSON field in im_msvistalog:
"Category":"Logon",
...
"Task":12544,
Now, looking at an event 4624 collected via im_wseventing, the JSON looks like this:
"Task":"Logon"
Note: Field Category is missing! As "Task" contains the category, in reality, the Task is missing here..
Please fix that for the WEC collector.
Best regards Theo
Hi Theo,
First - please, try to keep one topic in a single thread - otherwise, we will get messy really quickly. You can always edit/add content to your existing thread.
Which NXLog version do you use?
Could you share your conf?
Best regards,
Rafal
