Not able to get syslog or Windows event log to show up in the management console

Started by khaitdoan, February 24, 2016, 10:03:03 PM

khaitdoan

I am new to NetXMS and am having a tough time configuring it to collect logs from various servers.  What I want to do is configure the agent to forward ALL the syslog and Windows Event Log messages to the server, but no matter what I tried, I could not get the log messages to show up in the management console.

I am using the following version:

NetXMS Server Version 2.0.1 Build 8059 (2.0.1-RELEASE) (UNICODE)
NXCP: 3.47.1.3 (AES-256, Blowfish-256, IDEA, 3DES, AES-128, Blowfish-128)

NetXMS Core Agent Version 2.0.1 Build 8059 (2.0.1-RELEASE) (UNICODE)
NetXMS Management Console: 2.0.1

In my nxagentd.conf, I have:

#
# NetXMS agent configuration file
# Created by server installer at Fri Jan 15 13:20:31 2016
#

# LogFile = {syslog}
LogFile = C:\Khai\doNotDelete\NetXMSHome\Log\netxms-agent.log
DebugLevel = 9

MasterServers = 127.0.0.1, 192.168.41.184
FileStore = C:\Khai\doNotDelete\NetXMSHome\NetXMS\var
RequireAuthentication = no
SubAgent = winperf.nsm
SubAgent = portcheck.nsm
SubAgent = logwatch.nsm

# Below is log parser definitions
*LOGWATCH
Parser = C:\Khai\doNotDelete\NetXMSHome\LogParsers\WindowsEventLogParser.xml

The content of C:\Khai\doNotDelete\NetXMSHome\LogParsers\WindowsEventLogParser.xml:

<parser>
   <file>*System</file>
   <rules>
      <rule>
         <match>.*</match>
      </rule>
   </rules>
</parser>

From the Configuration -> Syslog Parser screen, I've configured the matching regular expression to be .* and everything else is empty or at its default value.

The EnableSyslogDaemon flag is set to 1.

I've restarted the agent and the server, but the Monitor -> Syslog and Monitor -> Events screens are empty.

Is this a known problem with the version that I am using?  What am I doing wrong?  Am I missing anything?

khaitdoan


Victor Kirhenshtein

Hi,

In your parser definition you are missing the <event> tag. Without it, the parser matches all events but does not send anything to the server.

Best regards,
Victor
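
An added example, not part of the original thread and not NetXMS code: a small Python check that flags logwatch parser rules with no <event> tag, the condition described in the reply above, so a silent log-collection gap is caught at config review. The function names and the event name EXAMPLE_EVENT_NAME are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the parser definition from the question (no <event>).
SILENT_PARSER = """<parser>
   <file>*System</file>
   <rules>
      <rule>
         <match>.*</match>
      </rule>
   </rules>
</parser>"""

# Constructed sample: the same rule with an <event> tag added.
# EXAMPLE_EVENT_NAME is a placeholder, not a real NetXMS event.
FORWARDING_PARSER = SILENT_PARSER.replace(
    "<match>.*</match>",
    "<match>.*</match>\n         <event>EXAMPLE_EVENT_NAME</event>",
)


def silent_rules(parser_xml):
    """Return (file, rule_index, match_pattern) for every rule that has no
    non-empty <event> child, i.e. matches records but forwards nothing."""
    root = ET.fromstring(parser_xml)
    source = (root.findtext("file") or "").strip()
    findings = []
    for index, rule in enumerate(root.iter("rule"), start=1):
        event = rule.find("event")
        if event is None or not (event.text or "").strip():
            pattern = (rule.findtext("match") or "").strip()
            findings.append((source, index, pattern))
    return findings


def report(parser_xml):
    """Format findings as human-readable lines for a config review."""
    return [
        f"{src}: rule {idx} (match={pat!r}) has no <event>; nothing is sent to the server"
        for src, idx, pat in silent_rules(parser_xml)
    ]


if __name__ == "__main__":
    for line in report(SILENT_PARSER):
        print(line)
    print("fixed definition findings:", silent_rules(FORWARDING_PARSER))
```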