NetXMS Support Forum

English Support => General Support => Topic started by: hkusulja on May 07, 2014, 09:20:54 PM

Title: Collecting Windows Event Logs, missing event Source and Event ID
Post by: hkusulja on May 07, 2014, 09:20:54 PM
Hi,
I have configured simple Windows event logging using the NetXMS agent and an XML file:


    <parser>
      <file>*Application</file>
      <rules>
        <rule>
          <level>1</level>
          <match>(.*)</match>
          <event params="1">100002</event>
        </rule>
      </rules>
    </parser>


In my Event in Event Template, with message: %1

After I do have some Alarms generation in Event Processing Policy with message %m, etc.

Question is, how can I get more data from Windows Event Log - I am missing "Source" and "Event ID" from Event Log.
Which parameter is it (I have tried %2 and %3 in my Event template but it does not work), so how do I pull this info into the NetXMS server as well?

Thank you
Title: Re: Collecting Windows Event Logs, missing event Source and Event ID
Post by: pedrong on May 26, 2014, 12:10:22 PM
Hi hkusulja, have you found an answer to your question? If so, could you share it with us? Thanks!!
Title: Re: Collecting Windows Event Logs, missing event Source and Event ID
Post by: Victor Kirhenshtein on May 26, 2014, 03:15:22 PM
Hi!

Starting with version 1.2.14, the agent appends the event source, event ID, and event severity to the NetXMS event. The actual position depends on the number of capture groups. For example, for a rule defined as


    <rule>
      <level>1</level>
      <match>(.*)</match>
      <event params="1">100002</event>
    </rule>


(with 1 capture group) source will be available as %2, event ID as %3, and severity as %4.

Best regards,
Victor
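
Added example, not part of the post above and not NetXMS code: a small Python check that reads a log parser XML and reports, per rule, where the appended source, event ID and severity land, following the rule described above (they start right after the last capture group). It assumes Python's `re` counts capture groups the same way as the agent's regex engine for the patterns used; the second rule and event code 100003 are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the first rule is the one from the thread, the second
# rule (and its event code 100003) is made up to show two capture groups.
SAMPLE_CONFIG = r"""
<parser>
  <file>*Application</file>
  <rules>
    <rule>
      <level>1</level>
      <match>(.*)</match>
      <event params="1">100002</event>
    </rule>
    <rule>
      <level>1</level>
      <match>service (\S+) failed with code ([0-9]+)</match>
      <event params="2">100003</event>
    </rule>
  </rules>
</parser>
"""

def appended_positions(config_xml):
    """For each rule, return where source, event ID and severity are appended."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:
        # An unclosed tag (e.g. a missing </rules>) ends up here.
        raise ValueError(f"parser config is not well-formed XML: {exc}") from exc
    rows = []
    for rule in root.iter("rule"):
        pattern = rule.findtext("match", default="")
        # Assumption: Python's re counts groups like the agent's regex engine.
        groups = re.compile(pattern).groups
        rows.append({
            "event": (rule.findtext("event") or "").strip(),
            "capture_groups": groups,
            "source": f"%{groups + 1}",
            "event_id": f"%{groups + 2}",
            "severity": f"%{groups + 3}",
        })
    return rows

if __name__ == "__main__":
    for row in appended_positions(SAMPLE_CONFIG):
        print(row)
```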
Title: Re: Collecting Windows Event Logs, missing event Source and Event ID
Post by: pedrong on May 27, 2014, 04:08:53 AM
Victor, thank you very much!