1 answer

Windows Event Forwarder and NXLog

Hello,

First of all, sorry to bother you with a question that might be easy for you, but I'm a bit lost.

I would like to know if NXLog is compatible with WEF?

Long story made short, I plan on using NXLog to output Security logs of a Windows Domain Controller to my SIEM following this guide:

Asked September 13, 2017 - 6:52pm
1 answer

LEEF Format for MS Event Logs

Hello,

Has anyone ever set up NXLog to forward Windows events to any log aggregator or SIEM that accepts LEEF format? I see the Enterprise Edition has a LEEF module but wanted to see if this had been done or if there are any issues in doing so.

Asked September 12, 2017 - 4:02pm
1 answer

NXLog service fails to start on 2012R2

I have installed nxlog on our 2012R2 DCs. I go into the file and uncomment the path to the software. I then replace the IP address of the syslog server with ours and save the file. I then go and try to start the nxlog service and immediately get error 1053: The service did not respond to a control request in a timely manner.

Asked September 7, 2017 - 8:50pm
1 answer

Help with GELF_TCP fields

Need some help: I want the fields "$srcip, $srcport, $dstip, $dstport" to be put together in another field, called "$netinfo". How do I do it?

My logs

Asked September 2, 2017 - 6:49pm
1 answer

NXLog Snare Date Format

Hello,

I am currently using NXLog (nxlog-ce-2.9.1716) and I noticed that the Snare output format has missing fields in the date:

Asked September 1, 2017 - 2:45pm