Offline caching not working as expected


#1 peepers1970

Hi,

First time post so please go easy....

I have a simple test Windows 2008 server with nxlog installed with the following config file.

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Input file_in>
    Module im_file
    File 'D:\\01\\syslogtest.txt'
    Exec $Message = $raw_event;
    SavePos True
    ReadFromLast True
</Input>

<Processor file_transformer>
    Module pm_transformer
    Exec $SourceName = 'offline_testing';
    OutputFormat syslog_bsd
</Processor>

<Output file_out>
    Module      om_udp
    Host        syslog.domain.com
    Port        10000
</Output>

<Route file_route>
    Path        file_in => file_transformer => file_out
</Route>

 

I'm sending my logs to a syslog server running syslog-ng.

When the server is available, everything is good.  What I write to the local Windows text file appears on the syslog-ng server.

I enable Windows firewall to simulate the syslog-ng server down.

I write to the local Windows text file and nothing appears in syslog-ng.  As expected.

I remove the firewall rule and here is where my problem lies.  I don't see what was written to the local text file while the syslog-ng was unavailable on the syslog-ng server.

If I start writing to the text file after disabling the firewall, I see the new stuff coming in but not what was written while the syslog server was "offline".

Can anybody help figure out why this is not working as expected?

Regards,

Victor

#2 b0ti Nxlog ✓

UDP is not reliable. The messages are lost while the receiver is down. Use TCP.
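
The difference between the two transports as seen from the sending side, as an added example that is not part of the original posts and is not nxlog code: a UDP send to a receiver that is down still reports success, while a TCP send fails, so only the TCP sender knows which lines to keep for retry. The function names, the sample lines and the use of unused localhost ports as a stand-in for the unreachable syslog-ng server are assumptions made for the illustration.

```python
import socket

# Constructed sample events in BSD syslog form (not taken from the thread).
SAMPLE = [f"<13>Jan  1 00:00:0{i} winhost offline_testing: test line {i}" for i in range(3)]

def free_port(kind):
    """Return a localhost port with nothing listening: stand-in for the 'down' server."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def send_udp(host, port, line):
    """Fire-and-forget datagram; True only means the kernel accepted it."""
    data = line.encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(data, (host, port)) == len(data)

def send_tcp(host, port, line, timeout=2.0):
    """True if written to a connected peer, False if the connection failed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(line.encode() + b"\n")
        return True
    except OSError:  # refused here; a packet-dropping firewall gives a timeout instead
        return False

def forward(lines, host, port, sender):
    """Send each line; return the ones the transport reported as unsent."""
    return [line for line in lines if not sender(host, port, line)]

if __name__ == "__main__":
    udp_backlog = forward(SAMPLE, "127.0.0.1", free_port(socket.SOCK_DGRAM), send_udp)
    tcp_backlog = forward(SAMPLE, "127.0.0.1", free_port(socket.SOCK_STREAM), send_tcp)
    print("UDP: lines known to be unsent:", len(udp_backlog))
    print("TCP: lines known to be unsent:", len(tcp_backlog))
```

With UDP the backlog stays empty even though no receiver exists, so there is nothing for the sender to replay once the server is reachable again.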