I need to send the logins/logouts of my Windows servers.
Evtsys is working with 64-bit servers (Windows 2008 and later).
My install.bat is:
"c:\windows\system32\xcopy.exe" "64bits\evtsys.exe" "c:\windows\system32" /y
"c:\windows\system32\xcopy.exe" evtsys.cfg "c:\windows\system32" /y
c:\windows\system32\evtsys.exe -i -h 10.140.220.178 -p 5000 -l 0
sc start evtsys
My config file is:
XPath:Security:<Select
Path="Security">*[EventData[Data[@Name='LogonType']='10'] and
(System[(EventID='4624')] or System[(EventID='4634')])]</Select>
The problem is with Windows Server 2003. I can't make it work.
My install.bat is:
"c:\windows\system32\xcopy.exe" "32bits\evtsys.exe" "c:\windows\system32" /y
"c:\windows\system32\xcopy.exe" evtsys.cfg "c:\windows\system32" /y
c:\windows\system32\evtsys.exe -i -h 10.140.220.178 -p 5000 -l 0 -n
sc start evtsys
The only config file that works is one with only 1 event ID:
Security:528
How can I send the 528/538 events (with type 10)?
I have tested all of these, and none of them works:
XPath:Security: <Select Path="Security">*[(EventID=528 or EventID=538)]</Select>
XPath:Security: <Select Path="Security">*[EventID=528 or EventID=538]</Select>
XPath:Security: <Select Path="Security">*[EventID="528" or
EventID="538"]</Select>
XPath:Security: <Select Path="Security">*(EventID=528 or EventID=538)</Select>
XPath:Security: <Select Path="Security">*</Select>
XPath:Security:<Select Path="Security">*</Select>
XPath:Security:<Select Path="Security">*</Select>
XPath:Application:<Select Path="Application">*</Select>
XPath:Setup:<Select Path="Setup">*</Select>
Path:Setup:<Select Path="Setup">*</Select>
XPath:Security:<Select
Path="Security">*[EventData[Data[@Name='LogonType']='10'] and
(System[(EventID='4624')] or System[(EventID='4634')])]</Select>
Path:Setup:<Select Path="Security">*</Select>
Path:Setup:<Select Path="Setup">*</Select>
Path="Security">*[System[Provider[@Name='Microsoft-Windows-Eventlog' or
@Name='EvtSys'] and (EventID=528 or EventID=538)]]</Select>
XPath:Security: <Select
Path="Security">*[System[Provider[@Name='Microsoft-Windows-Eventlog' or
@Name='EvtSys'] and (EventID=1301 or EventID=1302)]]</Select>
Path:Security: <Select
Path="Security">*[System[Provider[@Name='Microsoft-Windows-Eventlog' or
@Name='EvtSys'] and (EventID=1301 or EventID=1302)]]</Select>
Path:Security: <Select
Path="Security">*[System[Provider[@Name='Microsoft-Windows-Eventlog' or
@Name='EvtSys'] and (EventID=528 or EventID=538)]]</Select>
Path:Security: <Select Path="Security">*[System[(EventID=528 or
EventID=538)]]</Select>
Path:Security:<Select Path="Security">*[System[(EventID=528 or
EventID=538)]]</Select>
XPath:Security:<Select Path="Security">*[System[(EventID=528 or
EventID=538)]]</Select>
Security:<Select Path="Security">*[System[(EventID=528 or
EventID=538)]]</Select>
Security:[XPath:Security:<Select
Path="Security">*[EventData[Data[@Name='LogonType']='10'] and
(System[(EventID='4624')] or System[(EventID='4634')])]</Select>]
XPath:Security:<Select Path=”Security”>*[System[(EventID=528 or
EventID=538)]]</Select>
Path:Security:<Select Path=”Security”>*[System[(EventID=528 or
EventID=538)]]</Select>
Thanks in advance!
What version of the product are you using? On what operating system?
eventlog-to-syslog 4.5.1 32-bit (large and/or normal)
Windows Server 2003 R2
Original issue reported on code.google.com by [email protected] on 24 Mar 2015 at 8:52