Hello all,
I wanted to syslog the Windows logs to one of my SIEM in snare format. when i configure the nxlog as given below, the hostname is there in header. but i wanted to use any of the IP address of the server in header.
I have seen one question on this topic in 2014, has anyone managed to implement a solution that allows events to be sent to multiple servers in sequence such that duplicate events are not sent.
I am sending events on to a Nifi cluster and would really rather not send the traffic back through the nginx load balancer a 2nd time.
This is a complex question about a complex problem, but please feel free to read i anyway :-)
We use NXLog to read the Windows eventlog and also csv files. We send the data to a linux loghost which does some regexp-based parsing.
We now encounter problems with missing fields.
Example 1: A csv file with three columns A, B and C. It looks like this:
Hello:
I am trying to send an event related to terminal server logins to a logstash instance. When the message associated with the event contains an IPv4 address it works without issue. When the source network address in the message is IPv6 (containing a percent symbol), nxlog fails to parse the message with the error "ERROR_EVT_UNRESOLVED true". I have tried doing a replace of the % but it hasn't had and effect. Thanks!
Hello there, I am having some issues with NxLog using xm_xml. The regex seems to match fine, so I think it's something else. When I try to run it, I get a completely blank file. Here is my config
<Extension multiline>
Module xm_multiline
HeaderLine /^\s*<Obj RefId="[0-9][0-9]?[0-9]?[0-9]?">/
#EndLine /^\s*</entry>/
</Extension>
<Extension _xml>
Module xm_xml
