Windows XML Event Log (EVTX) parser
Available in AxoSyslog version 4.5 and later.
The new windows-eventlog-xml-parser() can parse messages in the Windows XML Event Log (EVTX) format.
Example configuration:
parser p_win {
    windows-eventlog-xml-parser(prefix(".winlog."));
};
The windows-eventlog-xml-parser() parser has the same parameters as the xml() parser.
Don’t forget to include the parser in a log statement to actually use it:
log {
    source(s_local);
    parser(windows-eventlog-xml-parser(prefix(".winlog.")));
    destination(d_local);
};
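The following configuration is an added example, not part of the original documentation. It combines the parser with drop-invalid(), one of the xml() parser options it shares, and writes every parsed field as JSON so you can see which name-value pairs an event produces. The source and destination names, the listening address and port, and the output path are assumptions, as is a sender that delivers one XML document per line.

```conf
@version: current

# Assumed test source: one EVTX XML document per line over TCP on localhost.
# flags(no-parse) skips syslog header parsing and keeps the raw XML in ${MESSAGE}.
source s_winxml {
    network(ip("127.0.0.1") transport("tcp") port(5514) flags(no-parse));
};

parser p_win {
    windows-eventlog-xml-parser(
        prefix(".winlog.")
        # xml() parser option: drop messages that are not valid XML
        # instead of passing them on unparsed.
        drop-invalid(yes)
    );
};

# Dump all name-value pairs under the prefix as one JSON object per event.
# --leave-initial-dot keeps the leading dot of ".winlog" in the JSON keys.
destination d_winjson {
    file("/var/log/winlog.json"
        template("$(format-json --leave-initial-dot --key .winlog.*)\n"));
};

log {
    source(s_winxml);
    parser(p_win);
    destination(d_winjson);
};
```

Reading the JSON output for a few known events is a quick way to confirm the exact field names before writing filters or detection rules against them.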
Last modified February 27, 2025: Merge pull request #110 from axoflow/strptime-formatting-fix (2f838bd)