i would like to only send a event logo 4663 to graylog which 4663 can let me know who deleted file
.but i got a error on nxlog which is “nxlog failed to start: Expected but saw at C:\Program Files (x86)\nxlog\conf\nxlog.conf:27”
Could anyone please help to look at that .
nxlog is here:
*[EventData[Data[@Name="ObjectType"] and (Data="File")]] and *[System[(EventID="4663")]] </Select> </Query> </QueryList>
Path in => out