EventLogs not shipped from Windows 2016 to NXlog

[dlukinski]

Hello Nagios Log Support

We've configured NXlog client on Windows 2016, but no logs shipped to Nagios Log

Conf file attached.

[cdienger]

If your goal is to only send those specific event IDs you want to use the logical AND and not the OR:

Exec if not ($EventID == 4624 AND $EventID == 4634 AND $EventID == 4648 AND $EventID == 4672) drop();

[dlukinski]

If your goal is to only send those specific event IDs you want to use the logical AND and not the OR:

Exec if not ($EventID == 4624 AND $EventID == 4634 AND $EventID == 4648 AND $EventID == 4672) drop();

I am not getting ANY logs through
- all other LOG shpping installs for Events use OR (AND means combined?)

[cdienger]

Not getting ANY logs would make sense with this logic. For example, say event 4624 came in, the first part:

$EventID == 4624

would evaluate to true, but the rest of the line would still be executed:

$EventID == 4634

would evaluate to false because 4624 !=4634. The action would then be to drop();

[dlukinski]

Not getting ANY logs would make sense with this logic. For example, say event 4624 came in, the first part:

$EventID == 4624

would evaluate to true, but the rest of the line would still be executed:

$EventID == 4634

would evaluate to false because 4624 !=4634. The action would then be to drop();

Log shipping still not happenning (changed CONF file even so that all other CONF files we had successfully worked with "OR" instead)

[scottwilkerson]

Can you share the current config for us to review?

[cdienger]

I see you've opened a ticket. We'll close this thread and continue to work through the ticket.