I found a problem under the AIX 6.1 system.
Checking to see if anyone has run into this. I have a Windows event log collector, with a subscription set up to move specific security audit events to the "Forwarded Events" log. From there, I am looking to push those logs to Sumo Logic. Unfortunately, Sumo's collector does not handle this well due to the out-of-sequence EventRecordID of the various events coming from the multiple desktops/servers we're collecting from.
I am new to nxlog, or rather to the logic of regex and all.
I am looking to drop any message which has *.*.*.255 in the message field. I tried the below; however, it does not seem to be working for me:
Exec if $Message =~ /^([0-9][0-9]|2[0-4][0-9]|25[0-5]) . ^([0-9][0-9]|2[0-4][0-9]|25[0-5]) . ^([0-9][0-9]|2[0-4][0-9]|25[0-5]) . 255/ drop();
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally under
## /usr/share/doc/nxlog-ce/ and is also available online at
I am a college student... I am working on a Windows event logger to collect & analyse Windows logs (event & syslog).
I don't know how to configure the nxlog.conf file such that I can get all Windows-generated logs locally on the host machine.
Waiting for a reply.