Protocol: Windows Events

Description: Reads the Windows LogName event log.

Comments: Legal values of LogName are "System", "Security" or "Application".
Special XML characters are translated according to the XML character translation table.
<source objectId="WinSecurityLogRdr" type="WindowsLogReader" stdout="FS.DemoAlive">
  <parameter type="LogName">Security</parameter>
</source>
Incoming line from end of Log file:
{ The service was started. }
Resulting XML
[An ECS event represents one Windows Application Log event received]
<?xml version="1.0" encoding="UTF-8"?>
<event xmlns:ev="http://www.eventgnosis.com/">
  <ev:host>filipov</ev:host>
  <ev:app>MS Windows</ev:app>
  <ev:log>Application Log</ev:log>
  <ev:srctime>2003.11.10 05:06:39 </ev:srctime>
  <ev:protocol>Windows Events</ev:protocol>
  <ev:win.recno>2125</ev:win.recno>
  <ev:win.eventid>105</ev:win.eventid>
  <ev:win.priority>4</ev:win.priority>
  <ev:win.eventcategory>0</ev:win.eventcategory>
  <ev:win.sourcename>TrapRcvr</ev:win.sourcename>
  <ev:win.computername>FILIPOV</ev:win.computername>
  <ev:win.sid>None</ev:win.sid>
  <ev:win.msg>The service was started.</ev:win.msg>
  <ev:msg>The service was started.</ev:msg>
</event>
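
Added example (not EventGnosis code): a consumer-side parser for the resulting event XML above. It reads the ev: fields by namespace URI, converts the numeric win.* fields, refuses documents carrying a DTD, and shows that escaped special characters in the message come back decoded. The sample event is constructed, the srctime layout (year.month.day) is an assumption read off the page's single sample, and parse_event, EV_NS and INT_FIELDS are names chosen for this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

EV_NS = "http://www.eventgnosis.com/"  # namespace URI taken from the page's sample event
INT_FIELDS = {"win.recno", "win.eventid", "win.priority", "win.eventcategory"}

# Constructed sample: same shape as the page's event, but with a message that
# contains XML special characters in their escaped form.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<event xmlns:ev="http://www.eventgnosis.com/">
  <ev:host>filipov</ev:host>
  <ev:srctime>2003.11.10 05:06:39 </ev:srctime>
  <ev:win.recno>2125</ev:win.recno>
  <ev:win.eventid>105</ev:win.eventid>
  <ev:win.priority>4</ev:win.priority>
  <ev:win.msg>Value &lt;a &amp; b&gt; changed</ev:win.msg>
</event>"""


def parse_event(xml_text):
    """Return a dict of the ev:-namespaced fields of one event document."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    if b"<!DOCTYPE" in data:  # events need no DTD; log text is untrusted input
        raise ValueError("DTD not allowed in event XML")
    root = ET.fromstring(data)
    if root.tag != "event":
        raise ValueError("unexpected root element: %r" % root.tag)
    prefix = "{%s}" % EV_NS
    fields = {}
    for child in root:
        if not child.tag.startswith(prefix):
            continue  # ignore anything outside the ev: namespace
        name = child.tag[len(prefix):]
        value = (child.text or "").strip()  # srctime carries a trailing space
        if name in INT_FIELDS:
            value = int(value)
        elif name == "srctime":
            # Assumed layout year.month.day; no time zone is given, so naive.
            value = datetime.strptime(value, "%Y.%m.%d %H:%M:%S")
        fields[name] = value
    return fields


if __name__ == "__main__":
    for key, val in parse_event(SAMPLE).items():
        print(key, "=", repr(val))
```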