Back to conversation about current workaround... Windows Server 2016 has more than 256 channels. Is it possible to create a second thread/instance to subscribe for the remaining channels? I can try to guess and create XML filter to exclude some unneeded for now but tomorrow MS can create more channels with some update and would be nice if it handled automatically.
I am trying to use the om_http module to POST events to an AWS API Gateway (which won't allow SSLv3 connections). Looking at this forum and the documentation, it seems like the latest version of the community edition, nxlog-ce-2.9.1716, should support TLSv1.2, but I keep getting the following error when it attempts to connect to my API:
ERROR SSL error, SSL_ERROR_SSL: retval -1, sslv3 alert handshake failure
Below is my config for the output:
Is the Output module to ElasticSearch available/will be available in the community edition?
When I last checked it was a feature of the commerical edition only.
I have been a nxlog champion for years now and have been forwarding to logstash. However with Elasticsearch ingest nodes, there is one extra redundent step now.
This will tip the scale to moving off into native beats/rsyslog if there are no plans to make this available.
this might be a strange question but I'm new nxlog and was wondering what the difference between an input module and a processor module is.
the background to my question is:
I want to collect logs centrally on an nxlog server, and have configured all my clients to send their logs in a nxlog-binary format. at the moment I'm testing this with Windows IIS webserver logs.
My scenario is: (Windows server + nxlog configured for Windows events) => Logstash => Elasticsearch
I am wondering where nxlog stores current informations about sent Windows Events (for every category).
If i need to resend a few Windows events from past, how i can do it?