0 votes, 1 answer

Adding fields to multi-level JSON document breaks the document

It does not appear to be possible for NxLog Community to add fields to a JSON document which contain complex fields because parse_json() converts those complex fields to strings, thereby breaking the document as it is sent upstream. Alternatively, I'm doing something wrong ;).

Let's say the NxLog is reading a file with a JSON document on each line and I want to add a custom field. I understand I would do the following:

Asked May 16, 2017 - 9:37am

0 votes, 1 answer

ERROR invalid keyword:

Hello, I had an error while executing nxlog on Windows Server

2017-05-11 15:34:51 ERROR invalid keyword: { at C:\Program Files (x86)\nxlog\conf\nxlog.conf:38

NXLOG.CONF

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

Asked May 11, 2017 - 5:32pm

1 vote, 1 answer

Send file to Graylog im_file not working.

I have a very basic setup. I was easily able to get the general syslog functionality working.

I have been unable to get the file transport working. I've spent several days trying alternative configurations and Googling for help; all to no avail.

I also tested with om_file - trying to just grab the file and output it locally - the outcome was just a blank file.

Any help will be greatly appreciated.

Here is my config:

Asked May 8, 2017 - 10:59pm

0 votes, 1 answer

Filter out specific events based on payload???

Is it possible to apply a filter that will allow for a Windows event (e.g. 4624) to be dropped if it contains a machine name (appended with $) but send all others? The line that contains the payload is:

JCEF_srcUser:  xxxxx

xxxx would need to be a wildcard to be inclusive of all machine accounts. 

Asked May 8, 2017 - 8:05pm
