I haven’t overcome the problem above.
Could anyone please share ideas on:
- The possible methods of determining the root cause of the problem
- The possible methods of overcoming this problem
As soon as you can, please!
When sending event logs from NXLog, a certain event log has never been sent to the Windows log collection server.
Event ID: 4624 (Successful Logon) -> has not been sent
Event ID: 4634 (Logout) -> has been sent
<The methods already tested>
The following debug log was configured in order to test that the target event log (ID: 4624) was recognized by NXLog.
Exec if ($EventID == 4624) log_info("EventID = 4624 | " + $EventID + " | " + $EventTime);
The test shows that the event log was recognized by NXLog, as it was output to NXLog as follows.
2021-05-14 19:22:17 INFO EventID = 4624 | 4624 | 2021-05-14 19:22:17
2. Explicit output of the target event log (ID: 4624):
The test shows that the expected event log has not been sent, though the following event logs were sent after specifying the event logs explicitly.
# In Windows Event Log (Event ID: 4624 or 4625)
Exec if ($EventID == 5156) drop();
Exec if ($EventID == 4624) log_info("EventID = 4624 | " + $EventID + " | " + $EventTime + " | " + $Hostname);
<Select Path="Security">*[System[(EventID=4624 or EventID=4625)]]</Select>