No logs are collected from Fortinet units, but tcpdump on NXlog collector shows ingoing traffic coming from them

I have a setup using NXlog instances as collectors in a large number of security zones.

<Input in0>
    Module   im_tcp
    Host      XXX.XXX.XXX.XXX

but for some reason this does not capture logs coming in on port 514 from Fortinet units; all other logs (from Windows and Linux servers) are received and processed just fine.

tcpdump -nvvA host [Fortinet unit IP]

AskedJune 22, 2021 - 12:28pm

NXLog EE Trial Limitations


We are testing the NXLog EE Trial version on Windows and want to know what are its limitations?

Will be expire after some time?

Are some modules not working?

How many days can we try it?

Is there a FAQ to explain further the Trial limitations? because we did not find any.

Thank you.

AskedJune 15, 2021 - 1:49pm

NX .conf - Drop Windows events based on hostname

Hello everyone

I have the following EXEC IF statement in my configuration file to drop events if username fields are equal to the computer account name. As you know Windows computer account names always end in $.

if $EventID == 4624 AND ($TargetUserName == 'DESKTOP-XY43$' OR $SubjectUserName == 'DESKTOP-XY43$') drop();

AskedJune 13, 2021 - 5:00am

WARNING Module ##### has no input files to read

Hello Team,

I have added nxlog.conf for our windows application server.

## See the nxlog reference manual at
## http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define CERT %ROOT%\cert

AskedJune 11, 2021 - 8:53am