im_mseventlog for Windows Vista and earlier but can't seem to get it to work (simply replacing the function is no good). My question is: does anyone have an NXLog conf for Windows Server 2003?
On a separate note, I have found this conf file (below) that fires up without errors on WIN2k3 but I am still testing it. Any help you can give me would be greatly appreciated.
# Configuration for converting and sending Windows logs
# to AlienVault USM Anywhere.
define ROOT C:\Program Files\nxlog
define OUTPUT_DESTINATION_ADDRESS 10.3.50.19
define OUTPUT_DESTINATION_PORT 514
# For windows 2003 and earlier use the following:
Exec if ($EventID == 5156) OR ($EventID == 5158) drop();
Exec $EventTime = integer($EventTime) / 1000000;
Exec $Message = to_syslog_bsd();
Path in_eventlog => out_eventlog
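
For reference, an added example (not part of the original post and not a vendor-supplied file) showing where the posted directives sit in a complete NXLog configuration for Windows Server 2003. It assumes UDP syslog output via om_udp, the data and module directories under ROOT, and a route name chosen here; the block names come from the posted Path line, and the posted $EventTime conversion is left out.

```conf
# Added example: full block layout around the posted directives.
define ROOT C:\Program Files\nxlog
define OUTPUT_DESTINATION_ADDRESS 10.3.50.19
define OUTPUT_DESTINATION_PORT 514

# Assumption: standard directory layout under ROOT.
Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# xm_syslog provides the to_syslog_bsd() procedure used in the output block.
<Extension syslog>
    Module  xm_syslog
</Extension>

# im_mseventlog reads the classic Event Log API (Windows XP / Server 2003).
# im_msvistalog needs the newer API and does not load on these systems.
<Input in_eventlog>
    Module  im_mseventlog
    # Drop filter kept from the posted config.
    Exec    if ($EventID == 5156) OR ($EventID == 5158) drop();
</Input>

# Assumption: the collector accepts BSD syslog over UDP on the defined port.
<Output out_eventlog>
    Module  om_udp
    Host    %OUTPUT_DESTINATION_ADDRESS%
    Port    %OUTPUT_DESTINATION_PORT%
    # Called as a procedure: builds the syslog line from the event fields
    # ($EventTime, $Hostname, $Message, ...) and stores it in $raw_event.
    Exec    to_syslog_bsd();
</Output>

# Route name is hypothetical; instance names match the posted Path line.
<Route eventlog_to_collector>
    Path    in_eventlog => out_eventlog
</Route>
```

Start-up errors, including a module that cannot load on this Windows version, are written to the LogFile path defined above.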