Using the nxlog 'im_mseventlog' module I'm able to forward all Windows Logs (Application, Security, System...) to the remote syslog server. But I'm not able to forward the event logs present under 'Application and Service Logs -> Microsoft -> Windows -> Windows Firewall with Advanced Security Logs' to the syslog server using nxlog. Is there any module to forward those event logs?
2 Answers
2
Got a solution for forwarding 'Application and Service Logs -> Microsoft -> Windows -> Windows Firewall with Advanced Security Logs' using nxlog.
Need to add the following Query inside the 'im_msvistalog' module:
    Query <QueryList> \
            <Query Id="0"> \
              <Select Path="System">*</Select> \
              <Select Path="Application">*</Select> \
              <Select Path="Security">*</Select> \
              <Select Path="Microsoft-Windows-Windows Firewall With Advanced Security/Firewall">*</Select> \
            </Query> \
          </QueryList>
This would forward the Windows Firewall with Advanced Security log along with the other event logs. Thanks for the answers and suggestions.

Arun
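An added example, not part of the original answers: the query from the answer above wired into an im_msvistalog input, converted to BSD syslog format and routed to a remote server. The instance names (`eventlog`, `syslog_out`), the route name, and the UDP destination 192.0.2.10:514 are placeholders chosen for illustration, and the global directives (ROOT, Moduledir, and so on) from the stock nxlog.conf are assumed to be in place.

```conf
# xm_syslog provides to_syslog_bsd(), used in the output below.
<Extension syslog>
    Module  xm_syslog
</Extension>

# im_msvistalog reads through the Windows Event Log API, so it can
# subscribe to channels under "Applications and Services Logs".
<Input eventlog>
    Module  im_msvistalog
    # One logical line: every line except the last ends with a backslash.
    Query   <QueryList> \
              <Query Id="0"> \
                <Select Path="System">*</Select> \
                <Select Path="Application">*</Select> \
                <Select Path="Security">*</Select> \
                <Select Path="Microsoft-Windows-Windows Firewall With Advanced Security/Firewall">*</Select> \
              </Query> \
            </QueryList>
</Input>

# Placeholder destination: replace Host and Port with the syslog server.
<Output syslog_out>
    Module  om_udp
    Host    192.0.2.10
    Port    514
    # Rewrite each event as a BSD syslog message before sending.
    Exec    to_syslog_bsd();
</Output>

<Route eventlog_to_syslog>
    Path    eventlog => syslog_out
</Route>
```

Each `Path` value has to match the channel name exactly as Windows reports it; `wevtutil el` lists the channel names on the host.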
0
AFAIK there are no other EventLog modules for nxlog. It could be possible that the Enterprise version is more capable in this field than the Community version, which I assume you are using.
Maybe not directly answering your question, but you can try another log shipper ... I recommend https://github.com/Cimpress-MCP/TimberWinR, it uses MS's LogParser to access EventLog.

MAQ