Questions tagged [nxlog]
31
questions
4
votes
2
answers
12k
views
How to forward windows log using Nxlog to rsyslog server(linux)?
I'm using nxlog version 3.0 on WinServ2012 R2 Standard, I can forward the event logs under Eventviewer --> Windows logs --> application, system, security. But I'm not able to forward other log that is ...
3
votes
1
answer
4k
views
Windows Forward Events Missing User Data and Description
I have Subscription Events set to forward Windows Server 2008's Terminal Services/LocalSessionManager/Operational logs to another Windows Server 2008's Forward Events section.
The Subscription Event ...
2
votes
1
answer
6k
views
Nxlog Multiline Input to 1 Syslog Message
I am using nxlog to tail a custom log file on one of my Windows servers. Each entry in the text file looks similar to this.
============================================================================...
2
votes
1
answer
5k
views
How to include a server identifier in nxlog output and reference it in logstash
If I have nxlog running on multiple IIS servers (say web1, web2, web3, web4). How can I add an identifier to the nxlog output which is being sent to logstash.
Then within logstash I want to create a ...
1
vote
1
answer
4k
views
IIS logs to Logstash with nxlog
I'm trying to join the date+time fields from the IIS log into the EventTime field for logstash digestion. This is my nxlog.conf file:
<Input iis1>
#drop comment lines, join the date+time ...
1
vote
1
answer
642
views
Logstash Filter Conditional Not Getting Applied
I've got nxlog on my Windows servers shipping logs to Logstash (JSON-formatted). I want to clone off the security events to a SIEM, so I added the logic to catch certain Windows Event IDs:
Even ...
1
vote
1
answer
94
views
Will rsyslog recover from unavailable unix domain socket?
I am following the instructions for NXLog here: https://nxlog.co/documentation/nxlog-user-guide/linux-logs.html#linux_logs_forwarding_socket_example under 80.2 about forwarding syslog messages to ...
1
vote
1
answer
3k
views
NXLog TCP Module Not Working
I am trying to use NXLog to forward logs from a file on one computer to a file on another computer. I am new to NXLog but feel like I now have a good handle on it after consulting the documentation. ...
1
vote
1
answer
2k
views
NxLog delete file after processing
I would like to delete the logfile once processing, what I did:
<Extension multiline>
Module xm_multiline
Exec if $raw_event =~ /^\s*$/ drop();
HeaderLine /Debut du job/...
1
vote
0
answers
481
views
Installing Graylog with Nxlog collector on a Windows DC: no service installed
I'm trying to install a NxLog collector on a Graylog client machine. The Graylog and associated infra (elastic and mongodb) is running just fine.
The install client is a Windows Server 2019 DC ("...
1
vote
0
answers
715
views
NXlog cant writes/read to cache for "savePos"
I can't configure NXlog to send Windows Event Logon logs. The logs are created before NXlog starts, so NXlog needs to remember when was the last time that he grabbed the Event logs.
The problem occurs ...
1
vote
0
answers
753
views
ERROR string limit (1048576 bytes) reached
I got some issue while working with my night batch log.
How push MULTIline log as one event?
I got stuck with one logfile that is over 26000 lines…
NxLog get stuck at some point - I don't really ...
1
vote
2
answers
9k
views
Passing JSON application log to remote LogStash via NXLog on Windows
I have been trying to pass logs from a Windows application which are already formatted in JSON to logstash via NXlog.
When I have NXLOG send the file to Logstash, I get blasted with errors in the ...
1
vote
1
answer
915
views
How to use om_exec with nxlog on Windows
I am attempting to use nxlog to read and parse IIS logs on Windows Server 2008 r2. Because I have particular requirements for these logs, I would like to use om_exec to send the log entries to a ...
0
votes
1
answer
743
views
nxlog fails to connect, and never retries
I'm having an issue with nxlog, when trying to connect over network. It seems it is linked with misconfigured network (this is on a virtual machine, within Vagrant)
Error message is
ERROR couldn't ...
0
votes
2
answers
2k
views
Forwarding Application and Services Logs using nxlog
Using nxlog 'im_mseventlog' module I'm able to forward all Windows Logs (Application, Security, System... ) logs to the remote syslog server. But I'm not able to forward eventlogs present under '...
0
votes
1
answer
647
views
Match the SourceName set in nxlog in syslog-ng
This one is driving me a bit crazy. How do I route a message from nxlog received by syslog-ng based on the program name? It should be self explanatory but it isn't working correctly. The messages are ...
0
votes
1
answer
1k
views
Use nxlog to parse a sophos text file and send to a syslog server
I have a windows server 2012 r2 machine with sophos. Each day there is a scan from sophos and the information is appended to the log "sav.txt".
Output example (Some info changed):
20150710 ...
0
votes
1
answer
227
views
NXLog TLS configuration
I am trying to send logs using nxlog installed on a windows server to graylog server using TLS. I have created a self signed certificate.
My question is, if I set AllowUntrusted value to True in ...
0
votes
1
answer
822
views
nxlog get logs from applications and services logs
I am having issues getting data of an event log, located on the applications and services Logs. I have put a query in the nxlog conf file that gets the errors, warning, critical logs from the ...
0
votes
1
answer
910
views
Logstash creating many tcp connections for single hosts
Logstash: 5.3.0
nxlog: nxlog-ce-2.9.1716
Checking netstat I have like 300 established connections even though I have only about 50 hosts.
I have like 40 connections for some hosts when I the client's ...
0
votes
1
answer
376
views
NxLog's 'and' Logic
I currently have NxLog running on various Domain Controllers pulling out login/logout events.
Exec if $TargetUserName =~ /(\S+\$|user1|user2|user3|user4)/ drop(); \
else if ($EventID == 4624 or ...
0
votes
1
answer
762
views
Nxlog - Collecting data from SQL Table
Looking to collect log information being written to a MSSQL Server table and forward it to Graylog using nxlog or similar.
I see a lot of information about checking logs with nxlog but nothing ...
0
votes
1
answer
440
views
Nxlog pipe scheduled command output
I'm trying to read the output of the last command in Nxlog. I would like to run last on the utmp file on regular intervals. In other words I want to schedule a shell command to run with a time ...
0
votes
1
answer
2k
views
Forwarding Application Logs using nxlog
I want to parse the Request URL field in message of application Event Logs by nxlog to kibana, but I am not able to parse it as a separate field.
Please suggest what to do in it.
0
votes
1
answer
1k
views
Problems using SSL input with NXLog
TL;DR summary: NXLog won't load my certificate - why?
I've set up an NXlog CE server to act as an encrypted entrypoint for a Graylog server. After creating a self-signed certificate and adding it to ...
0
votes
1
answer
2k
views
NXLog unable to read complete .csv file
I try to work out why NXLog can't read the complete .csv file which has the same name but gets edited every 12 hours by Windows for an export.
conf file of NXLog:
#define ROOT C:\Program Files\nxlog
...
0
votes
1
answer
2k
views
How can I collect Active Directory Domain Service events and DNS events with Nxlog?
My problem is I cannot collect ADDS or DNS events with Nxlog and send them to an ELK server. In the Nxlog config for the DC and DNS server I have the following Query
<QueryList>\
<Query ...
0
votes
1
answer
341
views
NXLOG shipper and Logstash alert to NAGIOS
I am looking for a solution how to ship the chosen log using nxlog shipper to logstash and send alert to nagios.
There are many log patterns in that file, I want to monitor this type of log like below:
...
0
votes
0
answers
1k
views
Configuring LogStash properly w/ nxlog
I'm looking for a good configuration that sends most System, Application and Security events to an output. I would have thought this configuration would work, but it seems that I get no logs from ...
0
votes
1
answer
2k
views
Linux files permissions denied on log files
I have installed nxlog to send my logs to a graylog server. It works fine, but I have a denied permission on the logs of my HIDS Ossec.
My process nxlog (launched by collector-sidecar) runs as root:
...