In the meantime (after solving some charset issues) I was able to
get the whole event log entry pushed to syslog:
<Input in>
Module im_msvistalog
Exec $Message = to_xml(); to_syslog_bsd();
</Input>
Now is the question how to extract the relevant attributes. Looks
only the xml module have access to the full Windows log (guess
because Windows has it also in XML - native format). How can I
filter now the XML data?
something like
Exec if $EventType == 'Event1' ... filter event specific
attributes
Frank
------------------------------------------------------------------------------
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
