NXLog search
Let's talk Start free
Let's talk Start free

NXLog Legacy Documentation

XPath

What is XPath?

Description

XPath stands for XML Path Language and uses a "path-like" syntax to identify and navigate nodes in an XML document. You can also use XPath queries to test addressed nodes within a document to determine whether or not they match a specific pattern.

In the world of NXLog

Windows Event Log supports a subset of XPath 1.0. You can use XPath queries to subscribe to events matching specific criteria in Windows Event Viewer and with the QueryXML directive of NXLog’s im_msvistalog module.

Event Viewer offers the most practical way to write and test queries. For example, you can test an XPath query by filtering the current log or creating a custom view. You can copy XPath queries created by Event Viewer directly into an NXLog configuration.

Known as

xpath, windows xpath, xpath filtering, event viewer xml filter

Related

XPath filtering
Filtering Sysmon events
Event Log for Windows 2008/Vista/later (im_msvistalog)

A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   R   S   T   U   V   W   X   Z

A

agent

agent-based log collection

agentless log collection

audit log

B

bandwidth

C

CEF (Common Event Format)

CSV (Comma-separated Values)

D

data source

DNS logging

E

endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

event correlation

F

failover

G

GELF (Graylog Extended Log Format)

H

High Availability (HA)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

kernel log

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

log centralization

log normalization

log parsing

M

MSSP (Managed Security Service Provider)

multi-line logs

N

NetFlow

O

open source

P

pattern

PCI-DSS (Payment Card Industry Data Security Standard)

protocol

R

Raijin database

Remote Access Server Role

S

SCCM (System Center Configuration Manager)

SEM (Security Event Management)

SIM (Security Information Management)

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

SOC (Security Operations Center)

structured logging

syslog

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)/SSL (Secure Sockets Layer)

U

UEBA (User and Entity Behavior Analytics)

UDP (User Datagram Protocol)

V

vendor-agnostic

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows Event ID

WMI (Windows Management Instrumentation)

X

XPath

Z

ZeroMQ