2
responses

Hi all,
Anybody here already using NXLog on Windows 2022? I seems to work pretty fine but I just figure that certain events just are not caught, for instance, EventID 4625, for Login failures. Despite I can see lots of occurrences on Event Viewer, they are not sent to my log server.

AskedMarch 8, 2022 - 5:59pm

Answer (1)

NXLog CE should be working fine on the Win 2022 servers. There could be some kind of filtering applied to your NXLog's module im_msvistalog. Please check what kind of log is the EventID 4625 (Application, Security, System, etc) and what severity is assigned to it and then make sure that it has not been filtered out. Please check the documentation page The configuration in this example collects the all the Application and System logs and the Security channel logs with levels below 4.

Comments (1)

  • DaniloMussolini's picture

    Thanks for the reply.

    I actually don't have filters configured. My conf is just like the example bellow:

      <Input in>
                   Module       im_msvistalog
      </Input>
      <Output out>
                   Module om_udp
                   Host 192.168.1.5
                   Port 12201
                  OutputType GELF
      </Output>
    
    
     <Route server>
                     Path in => out
     </Route>
    

    So, something curious is, the EventID 4624 which is at the same category and has the same severity, is sent to the server normally.