
Authenticate macOS senders over TLS with certificates in System Keychain?
Hello,

We are deploying NXLog Enterprise on a fleet of macOS devices with the goal of collecting endpoint events even remotely, which means Graylog GELF exposed over the Internet, with TLS encryption and certificate authentication requirements. I see that om_ssl can do the job of TLS communication and even client authentication, but the settings I see use a file path for the private key. Is there a way to have NXLog with om_ssl on macOS use a certificate from the System Keychain?

Thanks

ygini created
Replies: 1
Problems sending Windows Eventlog to graylog
Hello everybody,

I'm sorry to bother you with another question concerning Windows Eventlog forwarding to Graylog. Unfortunately I'm not able to figure this out on my own.

Used versions: nxlog 2.10.2102 (running on Windows Server 2016), graylog 2.4.6 (running on Debian 9).

I have two nxlog setups, one using syslog and another one using GELF. Both do not work as I would expect.

1. Syslog

```
<Extension syslog>
    Module xm_syslog
</Extension>

<Input eventlog>
    Module im_msvistalog
    Exec delete($Keywords);
    Exec if ($EventType == "VERBOSE") drop();
</Input>

<Output out_graylog>
    Module om_tcp
    Host graylog
    Port 5140
    Exec $raw_event = replace($raw_event, "\n", " ");
    Exec $raw_event = replace($raw_event, "\r", " ");
    Exec $raw_event = replace($raw_event, "\t", " ");
    Exec to_syslog_ietf();
</Output>

<Route route_eventlog>
    Path eventlog => out_graylog
</Route>
```

The problem is that there are eventlog entries containing line breaks. Unfortunately they are not removed by the replace commands, so in Graylog one message is split into many messages at every line break. Using Wireshark I can observe that the line breaks consist of LF characters (Unix line endings).

2. GELF

```
<Extension gelf>
    Module xm_gelf
</Extension>

<Input eventlog>
    Module im_msvistalog
    Exec delete($Keywords);
    Exec if ($EventType == "VERBOSE") drop();
</Input>

<Output out_graylog>
    Module om_tcp
    Host graylog
    Port 12201
    OutputType GELF
</Output>

<Route route_eventlog>
    Path eventlog => out_graylog
</Route>
```

Unfortunately this setup does not work at all. No messages are showing up in Graylog (of course I've activated the corresponding input). Using Wireshark I can observe that a lot of TCP packets are sent to Graylog but none of them contain readable messages.

Can anybody help me with either setup?

Thanks and Regards,
Carsten

c.scharfenberg created
Replies: 1
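The following is an added example, not part of Carsten's post and not an NXLog-provided answer. It combines both of his outputs into one config with the two changes that address what the post describes. to_syslog_ietf() builds $raw_event from the event fields ($Message among them) at the moment it runs, so anything written to $raw_event before that call is discarded; the replace() calls therefore have to target $Message. For the GELF output, the OutputType that om_tcp needs from xm_gelf is GELF_TCP (one JSON document per event, NUL-terminated); the plain GELF type in NXLog 2.x is the legacy UDP variant, whose compressed datagram format a GELF TCP input cannot parse, which matches the unreadable TCP payloads seen in Wireshark. Host, ports and module names are taken from the post; the Graylog side is assumed to have a Syslog TCP input on 5140 and a GELF TCP input on 12201.

```nxlog
# Added example: corrected versions of both outputs from the post above.
# Assumed: Graylog runs a Syslog TCP input on 5140 and a GELF TCP input on 12201.

<Extension syslog>
    Module  xm_syslog
</Extension>

<Extension gelf>
    Module  xm_gelf
</Extension>

<Input eventlog>
    Module  im_msvistalog
    Exec    delete($Keywords);
    Exec    if ($EventType == "VERBOSE") drop();
</Input>

# Syslog over TCP: the Graylog input splits the stream on LF, so every embedded
# line break has to be gone before the event is serialized. to_syslog_ietf()
# regenerates $raw_event from the fields, so the replacements go on $Message,
# not on $raw_event. CRLF is collapsed first so it does not leave two spaces.
<Output out_graylog_syslog>
    Module  om_tcp
    Host    graylog
    Port    5140
    Exec    $Message = replace($Message, "\r\n", " ");
    Exec    $Message = replace($Message, "\n", " ");
    Exec    $Message = replace($Message, "\r", " ");
    Exec    $Message = replace($Message, "\t", " ");
    Exec    to_syslog_ietf();
</Output>

# GELF over TCP: GELF_TCP emits NUL-terminated JSON, which is what a GELF TCP
# input expects. Line breaks inside $Message need no treatment here because
# they travel escaped inside the JSON string.
<Output out_graylog_gelf>
    Module  om_tcp
    Host    graylog
    Port    12201
    OutputType  GELF_TCP
</Output>

<Route route_eventlog>
    Path    eventlog => out_graylog_syslog, out_graylog_gelf
</Route>
```

Before restarting the service, `nxlog.exe -v -c conf\nxlog.conf` checks the syntax; after the change, a Wireshark follow of the 12201 stream should show readable JSON objects separated by 0x00, and the 5140 stream one syslog line per event.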
Send file to Graylog im_file not working.
I have a very basic setup. I was easily able to get the general syslog functionality working. I have been unable to get the file transport working. I've spent several days trying alternative configurations and Googling for help, all to no avail. I also tested with om_file, trying to just grab the file and output it locally; the outcome was just a blank file. Any help will be greatly appreciated.

Here is my config:

```
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO

<Extension gelf>
    Module xm_gelf
</Extension>

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input 1>
    Module im_file
    File "C:\\MSSQL\\ERRORLOG"
</Input>

<Output 2>
    Module om_tcp
    Host 192.168.1.50
    Port 5550
    OutputType GELF_TCP
</Output>

<Route 3>
    Path 1 => 2
</Route>
```

jcottone created
Replies: 1
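The following is an added example, not part of jcottone's post and not an NXLog answer. Two im_file defaults commonly explain an empty om_file output and nothing reaching Graylog when the test is done against a file that is not currently being appended to: ReadFromLast is TRUE, so on first start the module seeks to the end of the file and only emits lines written afterwards, and SavePos is TRUE, so that end position is remembered across restarts. The config below sets both explicitly so the whole file is read once, keeps the post's paths, host and port, and adds a local om_file output as the first check. The local output path is assumed (the directory must exist); the input on 192.168.1.50:5550 is assumed to be a GELF TCP input. One caveat worth checking with a hex dump before blaming the transport: SQL Server writes ERRORLOG as UTF-16LE, and a NUL byte inside the GELF JSON ends the frame early, so the file's encoding has to be converted to UTF-8 before the GELF output is useful.

```nxlog
# Added example: the post's config with the im_file position defaults made
# explicit for a one-off read of a static file, plus a local copy for checking.
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log
LogLevel  INFO

<Extension gelf>
    Module  xm_gelf
</Extension>

<Input mssql_errorlog>
    Module  im_file
    File    "C:\\MSSQL\\ERRORLOG"
    # Both default to TRUE: the module would start at the end of the file and
    # keep that position across restarts, so an unchanged file yields nothing.
    # FALSE here reads the file from the start on every launch (test setting).
    ReadFromLast  FALSE
    SavePos       FALSE
</Input>

# First check: write what im_file produced to a local file. If this stays
# empty, the problem is on the input side, not on the network.
# Assumed path; the directory must already exist.
<Output local_copy>
    Module  om_file
    File    "C:\\nxlog-test\\errorlog-copy.txt"
</Output>

# Assumed: a GELF TCP input listening on 192.168.1.50:5550.
<Output graylog_gelf>
    Module  om_tcp
    Host    192.168.1.50
    Port    5550
    OutputType  GELF_TCP
</Output>

<Route errorlog>
    Path    mssql_errorlog => local_copy, graylog_gelf
</Route>
```

Running `nxlog.exe -f -c conf\nxlog.conf` in the foreground shows module start-up messages and any read errors on the console; once the local copy contains the expected lines, switch SavePos back to TRUE so the file is not re-sent on every service restart.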