Windows XML Event Log (EVTX) parser

Available in AxoSyslog version 4.5 and later.

The new windows-eventlog-xml-parser() can parse messages in the Windows XML Event Log (EVTX) format.

Example configuration:

parser p_win {
    windows-eventlog-xml-parser(prefix(".winlog."));
};

The windows-eventlog-xml-parser() parser accepts the same parameters as the xml() parser.

Don’t forget to include the parser in a log statement to actually use it:

log {
    source(s_local);
    parser(windows-eventlog-xml-parser(prefix(".winlog.")));
    destination(d_local);
};
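To show what an EVTX-format message looks like before and after parsing, here is an added Python illustration (not AxoSyslog code): it flattens a constructed Security-channel event into name-value pairs under the `.winlog.` prefix. The naming scheme (element path joined with `.`, attributes prefixed with `_`, `<Data Name="X">` keyed by its Name attribute) is an assumed model of the parser's output, not taken from the page.

```python
import xml.etree.ElementTree as ET

# Constructed sample event in the Windows XML Event Log format (all values are made up).
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4624</EventID>
    <Channel>Security</Channel>
    <Computer>ws01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">198.51.100.7</Data>
  </EventData>
</Event>"""


def _strip_ns(tag):
    # ElementTree returns "{namespace}Local"; keep only the local element name.
    return tag.split("}", 1)[1] if "}" in tag else tag


def flatten_winlog(xml_text, prefix=".winlog."):
    """Flatten an EVTX-style XML event into a dict of name-value pairs.
    Assumed model: element path joined with '.', attributes prefixed with '_',
    and <Data Name="X"> under EventData keyed by X instead of a repeated 'Data'."""
    root = ET.fromstring(xml_text)
    pairs = {}

    def walk(elem, path):
        name = _strip_ns(elem.tag)
        key = path + name
        if name == "Data" and "Name" in elem.attrib:
            # EVTX carries event-specific fields as <Data Name="..."> elements.
            pairs[key + "." + elem.attrib["Name"]] = (elem.text or "").strip()
            return
        for attr, value in elem.attrib.items():
            pairs[key + "._" + attr] = value
        text = (elem.text or "").strip()
        if text:
            pairs[key] = text
        for child in elem:
            walk(child, key + ".")

    walk(root, prefix)
    return pairs


if __name__ == "__main__":
    for k, v in sorted(flatten_winlog(SAMPLE_EVENT).items()):
        print(f"{k} = {v}")
```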