Created
July 17, 2017 06:56
-
-
Save jymcheong/d39ab91e347732f6920c11bc557c8365 to your computer and use it in GitHub Desktop.
nxlog query block
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Input in> | |
| Module im_msvistalog | |
| ReadFromLast True | |
| Query <QueryList>\ | |
| <Query Id="0">\ | |
| <Select Path="Security">*</Select>\ | |
| <Select Path="System">*[System/Level=4]</Select>\ | |
| <Select Path="Application">*[Application/Level=2]</Select>\ | |
| <Select Path="Setup">*[System/Level=3]</Select>\ | |
| <Select Path="Windows PowerShell">*</Select>\ | |
| <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>\ | |
| </Query>\ | |
| </QueryList> | |
| # For windows 2003 and earlier use the following: | |
| # Module im_mseventlog | |
| </Input> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment