Hi Chris,
Try removing the space from Forwarded Events: "ForwardedEvents".
Bill
--
William Easton, CISSP
Consultant
Strawgate, LLC <http://strawgate.com/>
On Tue, Jan 17, 2017 at 12:25 PM, Chris <chris2...@postbox.xyz> wrote:
> All,
>
> I'm collecting events with "Windows Event Forwarding" on a windows machine
> and I'm trying to make NXLOG forward those events to graylog.
>
> The following configuration
>
> <Input in>
> Module im_msvistalog
> ReadFromLast FALSE
> SavePos FALSE
> Query <QueryList>\
> <Query Id="0">\
> <Select Path="Application">*</Select>\
> <Select Path="System">*</Select>\
> <Select Path="Security">*</Select>\
> <Select Path="Forwarded Events">*</Select>\
> </Query>\
> </QueryList>
> </Input>
>
> gives
>
> ERROR failed to subscribe to msvistalog events,the channel was not found
> [error code: 15007]; The specified channel could not be found. Check
> channel configuration.
>
> Is there any chance to forward those "Forwarded Events"? Or is the NXLOG
> Enterprise Edition required?
>
> Thank you in advance.
>
>
> - Chris
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> nxlog-ce-users mailing list
> nxlog-ce-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
