Integrating Windows Events

## This is a sample NXLog configuration file created by Loggly. June 2013
## See the nxlog reference manual about the configuration options.
## It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
define ROOT C:\Program Files (x86)\nxlog
define ROOT_STRING C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO
# Include fileop while debugging, also enable in the output module below
<Extension fileop>
 Module xm_fileop
</Extension>
<Extension json>
 Module xm_json
</Extension>
<Extension syslog>
 Module xm_syslog
</Extension>
<Input internal>
 Module im_internal
 Exec $Message = to_json(); 
</Input>
# Windows Event Log
<Input eventlog>
# Uncomment im_msvistalog for Windows Vista/2008 and later
 Module im_msvistalog
#Uncomment im_mseventlog for Windows XP/2000/2003
 #Module im_mseventlog
 Exec $raw_event = to_json();
</Input>
<Processor buffer>
Module pm_buffer
# 100MB disk buffer
MaxSize 102400
Type disk
</Processor>
<Output out>
 Module om_tcp 
 Host data.cloudlytics.com
 Port 12345 
 Exec $raw_event = "<STREAM_TOKEN>:TAGS,TAGS " + $raw_event; 
 #Use the following line for debugging (uncomment the fileop extension above as well)
 #Exec file_write("C:/Program Files (x86)/nxlog/data/nxlog_output.log", $raw_event);
</Output>
<Route 1>
 Path internal, eventlog => buffer => out
</Route>