Marvin, The query below works ok for me on a W2K8R2. Try setting Loglevel to Debug and check what query nxlog gets actually, look for "msvistalog query xml" in nxlog.log The query is passed to the windows eventlog API as is, nxlog does not deal with it in any way.
For invalid channels the subscription will fail with the following error: ERROR failed to subscribe to msvistalog events,the channel was not found [15007]; The specified channel could not be found. Check channel configuration. If you test with event viewer, just copy-paste the query xml from there replacing line breaks with te backslash. Another possible option to filter is using the nxlog language for that, i.e. Exec if $smth == 'smthelse' drop() Regards, Botond On Sat, 29 Jun 2013 05:55:36 +0000 Marvin Nipper <[email protected]> wrote: > OK. This is on 2.4.1054, on a W2K8 R2 server. I'm simply trying to begin > building some default Query's, in order to limit the logging to what I really > need/want, but cannot even get this initial setup to work. These are the > opening lines: > > <Input im_msvistalog> > > Module im_msvistalog > > Query <QueryList><Query Id='1'><Select > Path='Security'>*</Select></Query></QueryList> > > > That Query line always generates this error: > 2013-06-28 22:39:22 ERROR failed to subscribe to msvistalog events,the Query > is invalid: [15008] > > If I comment the Query, I get a clean startup. > > I obviously tried to perform something very basic, using the example from the > manual, and some of the Forum emails (but to no avail). What am I missing? > > Also, one other question, once I can figure out how to get this working, if I > specify a set of default Queries (in the list), as part of a "standard" > config file, and some of the referenced Channels do not exist on some of the > targeted servers, will that result in a fatal error, or will nxlog imply > generate a warning, and still process the Channels that do exist? (I'm > attempting to build a default config file, to avoid the need to customize > each conf file, for each different server. Obviously, there may be Channels > that I want to retrieve, "if they exist", but I don't want the whole thing to > "fall over" at start-up, if those are not present.) > > Thanks for your time and help. Sorry if I'm just being brain-dead with that > query. > > Marvin > > > The information transmitted, including any content in this communication is > confidential, is intended only for the use of the intended recipient and is > the property of The Western Union Company or its affiliates and subsidiaries. > If you are not the intended recipient, you are hereby notified that any use > of the information contained in or transmitted with the communication or > dissemination, distribution, or copying of this communication is strictly > prohibited. If you have received this communication in error, please notify > the Western Union sender immediately by replying to this message and delete > the original message > ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ nxlog-ce-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
