I did that and reformatted my nxlog.conf. But messages are truncated for my platform logs, windows events look great.
########################################## ## EXTENSIONS ## ########################################## <Extension _json> Module xm_json </Extension> <Extension gelf> Module xm_gelf </Extension> ########################################## ## INPUTS ## ########################################## <Input eventlog> Module im_msvistalog Query <QueryList>\ <Query Id="0">\ <Select Path="Application">*</Select>\ <Select Path="System">*</Select>\ <Select Path="Security">*</Select>\ </Query>\ </QueryList> Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json(); </Input> <Input platform> Module im_file File 'c:\\Logs\\*.log' SavePos TRUE ReadFromLast TRUE </Input> ########################################## ## OUTPUTS ## ########################################## <Output out> Module om_udp Host 192.168.1.18 Port 12201 OutputType GELF </Output> <Route 1> Path eventlog, platform => out </Route> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/412afe70-5eda-429e-a0ce-247b7886b713%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
