Hi Frank,

On Mon, 11 Aug 2014 16:41:54 +0200
fra...@hush.com wrote:

> Now is the question how to extract the relevant attributes. Looks
> only the xml module have access to the full Windows log (guess
> because Windows has it also in XML - native format).

Actually you can use xm_json, xm_kvp, xm_csv and the relevant conversion
functions which may be better suited (i.e. is a bit more human readable)
for storing logs than XML. The input modules convert the collected data
into nxlog's own internal representation (which is just a flat list of
key-value pairs), so XML is not the only format you can convert data
to/from.

> How can I
> filter now the XML data?

You filter the data that's been parsed, not the XML directly.

> something like
>
> Exec if $EventType == 'Event1' ... filter event specific
> attributes

Not sure the question came through, though the above should work:

    Exec if $EventType == 'Event1' drop();

Regards,
Botond
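An nxlog.conf layout for the approach described in the reply above, added as an example and not part of the original message. The instance names, the output path, the choice of im_msvistalog as the input and the EventID value are assumptions; 'Event1' is the placeholder value from the thread.

```conf
# Added example, not from the original thread.
# Instance names (json, eventlog, out) and the output path are assumptions.

<Extension json>
    Module      xm_json
</Extension>

<Input eventlog>
    # Windows Event Log input: each record arrives already parsed into
    # nxlog's internal flat list of key-value fields ($EventType, $EventID, ...)
    Module      im_msvistalog

    # Drop whole records by testing a parsed field, as in the reply
    # ('Event1' is the placeholder used in the thread)
    Exec        if $EventType == 'Event1' drop();

    # Remove a single attribute from matching records instead of dropping them
    # (4624 is a constructed sample value)
    Exec        if $EventID == 4624 delete($Message);
</Input>

<Output out>
    Module      om_file
    File        "C:\\logs\\eventlog.json"

    # Serialize the remaining fields as JSON rather than XML
    Exec        to_json();
</Output>

<Route eventlog_to_file>
    Path        eventlog => out
</Route>
```

The filtering happens in the input instance's Exec statements on the parsed fields, so the output format (JSON here) can be swapped without touching the filter logic.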