Windows XML Event Log (EVTX) parser
Available in AxoSyslog version 4.5 and later.
The new windows-eventlog-xml-parser() can parse messages in the Windows XML Event Log (EVTX) format.

Example configuration:

```
parser p_win {
    windows-eventlog-xml-parser(prefix(".winlog."));
};
```
The windows-eventlog-xml-parser() parser accepts the same parameters as the xml() parser.
Don't forget to include the parser in a log statement to actually use it:

```
log {
    source(s_local);
    parser(windows-eventlog-xml-parser(prefix(".winlog.")));
    destination(d_local);
};
```
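To show what an EVTX record looks like once it is flattened into prefixed name-value pairs, here is an added Python illustration (not part of the AxoSyslog documentation or code base). The sample event, the `_Attr` naming for attributes and the mapping of `<Data Name="X">` to `EventData.X` are assumptions for this illustration, not the parser's documented output.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a captured record): a trimmed Windows XML Event
# Log entry using the EVTX XML namespace and System/EventData layout.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4624</EventID>
    <Computer>host.example.test</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="LogonType">3</Data>
  </EventData>
</Event>"""


def _local(tag):
    """Drop the XML namespace part of an element tag ('{ns}Event' -> 'Event')."""
    return tag.rsplit("}", 1)[-1]


def flatten_evtx(xml_text, prefix=".winlog."):
    """Flatten an EVTX XML record into dotted name-value pairs.

    Assumed convention (illustration only): element path joined with dots
    under the prefix, attributes stored as '<path>._<Attr>', and every
    <Data Name="X">value</Data> stored as '<path>.X' so the named event
    fields do not collapse into one concatenated 'Data' value.
    """
    root = ET.fromstring(xml_text)
    out = {}

    def walk(elem, parent_path):
        tag = _local(elem.tag)
        if tag == "Data" and "Name" in elem.attrib:
            out[f"{parent_path}.{elem.attrib['Name']}"] = (elem.text or "").strip()
            return
        path = f"{parent_path}.{tag}"
        for attr, value in elem.attrib.items():
            out[f"{path}._{attr}"] = value
        text = (elem.text or "").strip()
        if text:
            out[path] = text
        for child in elem:
            walk(child, path)

    walk(root, prefix.rstrip("."))
    return out


if __name__ == "__main__":
    for key, value in flatten_evtx(SAMPLE_EVENT).items():
        print(f"{key} = {value}")
```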
Last modified January 28, 2024: [4.6] EVTX parser (3f4bc5a)