1 answer

community edition msi silent install

Two questions: I am attempting to install nxlog-ce via PowerShell and the process hangs at the accept EULA screen, and it also seems the way to install requires copying over the default configuration file after install.

- Is there a flag I can pass to accept the EULA?

- Is there a way to pass the path to the config file at install to automatically overwrite the config at installation time without stop/starting the process?

Asked January 26, 2017 - 3:30pm

1 answer

Having issues with mysql

I'm trying to get nxlog to read from a mysql table and output any changes from the last table read to a text file in csv tab delineated format.  Right now all it's doing is injecting multiple carriage returns into the text file with no text.  Am I heading in the right direction or have I totally borked the config?  I'm working with the following config:

Asked January 25, 2017 - 4:24pm

1 answer

multiline message

Hello. I have a question.

I get multiline messages.

How can I combine a multiline message into a single line?

For example, this message has 4 lines:

Jul 21 17:59:10 <14> 1 2016-07-04T00: 53: 02.000000 + 03: 00 node = sec-sflow type = SYSCALL msg = audit (1467579182.055: 3248181): arch = 111

2 syscall = success = yes exit = 4 a0 = 7fc7783127a8 a1 = 2 a2 = a3 = 0 8 items = 1 ppid = 11013 pid = 30363 auid = 0 0 uid = gid = 0 = 0 euid

Asked January 25, 2017 - 12:39pm

1 answer

im_msvistalog EventData Fields are overwritten

Hello!

It appears that any nested data - e.g. from EventData - will be overwritten if the field exists on the event itself.

For example, please see your documentation on sysmon.  Notice that ProcessID is a field on the event, and is also a field under EventData, albeit with different data.

Asked January 12, 2017 - 4:04pm

1 answer

Cut out some output fields

Hello,

Could you please clarify how I can cut out some fields from a forwarded event?

My situation is the following:

Asked January 12, 2017 - 12:40pm
