I am having issues setting up the config file for NXLog to pull security events from a DC and send them to Graylog for my school Capstone project. In the log I keep getting an error "Couldn't parse Exec block at ... couldn't parse statement at line 58, character 218 in .... syntax error, unexpected )". I utilized a config setup from the NXLog documentation and adjusted it for my needs. I am not sure what is wrong, as the exec block looks proper to me. Here is what I have in my config file:
define SecuritySrc Microsoft-Windows-Security-Auditing
if not (defined($SourceName) and
($EventID IN (%SecurityIDs%) and $SourceName == "%SecuritySrc%")) <------ line 58
I appreciate any help on this!