The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)

AskedJanuary 26, 2021 - 9:00am

How can I create a custom nxlog.conf file with powershell?

Hello, I want to send IIS W3C logs to the Syslog server. The nxlog.conf file is as follows. If we assume that there are too many domains on the server, I want to quickly create this config file with powershell. Is this possible?

In this configuration file, I can define the website and log directories manually. This is true, but it may be easier to add website and log directories by creating a "dynamically" config file.

AskedJanuary 25, 2021 - 8:44pm

om_udpspoof inside docker container

I have a question regarding running nxlog with the om_udpspoof module inside of a docker container. It appears that I should be able to do this, but in practice it does not work. I have tried the following:

AskedJanuary 20, 2021 - 9:49pm

NXLog MS SQL logs

hi there, I have a query. Got Windows servers with MS SQL installed and the NXLog 32 bits agent installed. Unfortunately no SQL logs are seen on our SIEM solution (Alienvault) and it seems the issue is because we should use the 64 bits agent (available for the Enterprise edition only). Has anyone experienced the same? Any tips? Any help would be appreciated

Many thanks!

AskedJanuary 20, 2021 - 3:30pm

Elasticsearch Module on NXLog


Regarding the Elasticsearch module:

Currently, I am using Nxlog Manager, NxLog agent and I want to send the log to elasticsearch. Where I should put the elastic username and password on NXLog config file?


AskedJanuary 20, 2021 - 3:20am