Windows 8.1 and corrupted event log ? | nxlog.co

I had this issue, your input config needs <QueryList> lines adding, see my example below:

# Monitor Windows event logs
<Input eventlog>
# Uncomment for Windows Vista/2008 or later
Module im_msvistalog

Query       <QueryList>\
<Query Id=”0″>\
<Select Path=”Application”>*</Select>\
<Select Path=”System”>*</Select>\
<Select Path=”Security”>*</Select>\
<Select Path=”Setup”>*</Select>\
</Query>\
</QueryList>

# Uncomment for Windows 2000 or later
# Module im_mseventlog
</Input>

Source: Windows 8.1 and corrupted event log ? | nxlog.co

That worked for me on Windows 10.

Advertisements