My query is i am trying to fetch "System Event log" from the windows 10 using below input. but problem is the system log is not fetching and putting the file by NXLOG. else i have tried to fetch "Application log" Using below method but that time log is fetching and working. but only "system" log can't fetch.
<Input eventlog>
Module im_msvistalog
SavePos TRUE
<Query Id="0">
<Select Path="System">*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0) and (EventID=3 or EventID=20)]]</Select>
Exec to_json();

AskedDecember 17, 2021 - 10:43am

Comments (1)

Answers (0)