NetXMS Support Forum

Hi,

i have configured netxms for Window Event log monitoring and i'm able to obtain the log from the device.
Here is an example of my parser file:

<parser><file>*Security</file><rules><rule><match>(.*)</match><id>1102</id><event params="1">100007</event></rule><rule><match>(.*)</match><id>5025</id><event params="1">100007</event></rule><!-- more <rule> tags can follow --></rules></parser>

If you look at the image in attachment, i'm able to get all data present in the text area of the general tab (From "Faulting app" ..........to "...643") .
Now, i need to include in the information sent from the Window machine to Netxms the ID of the Window Event.
How can i do this?
My goal is to have an unique netxms event for the log, and in the message area of the log i put, further the data i already get, the event id of the log; generally, i don't want a netxms event for each event id I'm monitoring.

In the Window Event log, if I look in the Detail tab of an event, i see are present 2 main area:
-System
-UserData

Using the regular expression (.*) i get the info presents in UserData area, while the id of the event is stored in the System area...So,Is there a way to get the data presents in the System area?
If it's impossible get the event id from the Event Log, my idea is to pass the event id statically throught the parser file. My idea is:
instead of pass only 1 parameter in the event tag (event params="1">100007</event>), i want to pass two parameters: 1 for the data obtained from the Event log and 2 for the ID, that i insert manually in the parser file. Suppose that i want to pass the ID 4624, i expect something like: event params="1&2=4624">100007</event>
It's possible?

Thank you for the support!