NetXMS Support Forum

I use the "windows event parser" on the server side and then activate the event, where it is possible to use in the body of the message, for example, the parameters% 1,% a,% s and the like.
It is possible to name a capturing group, for example (? P <name> xxx), within the regular expression in the "windows event parser" and then refer to this group in the body of the message.

Unfortunately, I did not succeed in various attempts ☹

thank you very much

Did you manage to simulate the problem or is it OK for you? Thank you

Quote from: Dawid Kellerman on September 22, 2021, 08:19:48 PM
Hi Hugo

I do not know if this relates to the wineventsync but I think it does..

For Windows Event Log agent keeps status information in Windows registry. On agent start records that were added while the agent was stopped will be parsed.

From https://www.netxms.org/documentation/adminguide/log-monitoring.html?highlight=registry

I will also test to see

Regards Dawid

I tried to write an event to the Eventlog and it came OK to the NetXMS server. Then I turned off the "NetXMS agent" service and wrote more data to the Eventlog. Unfortunately, the difference events did not occur after starting the service. 

I have already verified this behavior on multiple installations. Current NetXMS agent I have installed - 3.8.314

I am now using the extension SubAgent = wineventsync.nsm and I would like to ask if it is possible to set the sending of events with Windows eventlog additionally to handle the consistency of data sent to the NetXMS DB when the NetXMS agent is not running or the NetSMS server is not running.

For the extension SubAgent = logwatch.nsm, this functionality is solved by the parameter:

[logwatch]
ProcessOfflineEvents = yes

It is possible to set something similar for wineventsync.nsm and if not, it is not considered to add this functionality.

thank you very much