
NX LOG Newbie Question

Good Afternoon.

I currently run an NXLog solution that was set up by the vendor of our cloud IDS. I do know that we have a collection of logs coming from workstations to a central server and that server uploads the logs to the IDS. That being said, I have set up a Graylog server on an Ubuntu box and I want to send my Windows DNS logs to that server so that I have a way to search DNS queries made by workstations should one of them become compromised (via malware, ransomware, etc.). I realize that there is already a config file for NXLog that sends the Event Viewer logs, so I am assuming that I would have to use that same file to have NXLog send DNS logs to a different location (if that is even possible). So my questions are: is it possible to do that? If so, does the collection service have to be stopped in order to edit the config file?

I would send these logs to the same online IDS service but we are already going over our quota every month and management doesn't see the need to upgrade our service. Therefore, I am left to figure out another way to stay on top of DNS threat hunting. 

Any input will be greatly appreciated.


jrpayne
Replies: 2
jrpayne
Memory leak in NXLog 5 (include latest v5.6.7727)
Hello!
We have permanent memory leaks on a Windows Event Collector server with any version 5 NXLog. If we install any version 4, it works without a memory leak, but very slowly: it accumulates a queue on a single filter for Windows events. How can we help to get this fixed in the next release?

Roman_Andreev
Replies: 1
jeffron
using CE and EE in a same machine
Hi,

I'm using the EE trial edition on my machine now, but I need to use the CE edition as well for testing. Can I use both on the same machine? Will I lose my EE trial if I download CE now?

Sangeetha
Replies: 1
Zhengshi
Cost of Enterprise Edition
Hi,

I would like to know the cost of the Enterprise Edition.
Also, I would like to know whether we could use the purchased NXLog EE package on more than one server to collect logs.


Sangeetha
Replies: 1
Sangeetha
Large eventlog entries makes nxlog "hang"
We are using nxlog to collect eventlog information. Some entries can be large; in fact some messages are split over several entries as a workaround for the maximum eventlog entry size. However, these large entries seem to hang nxlog so that it stops processing new entries. Typical error messages are:

---------------------------------------

2014-10-27 17:10:32 ERROR EvtNext failed with error 1734: The array bounds are invalid.
2014-10-27 17:10:33 ERROR EvtUpdateBookmark failed: The handle is invalid.

----------------------------------------

Why is this? Is there any workaround?


MagnusBjarnlid
Replies: 2
Ivan.Akcheurov
Routing messages based on type and source in a client server configuration
Currently I process and transform the Windows event/IIS logs on the client; however, as I have more servers, I am wondering about routing everything to a central point using the binary format and then processing them into the relevant tables in a MySQL DB. I am struggling with at which stage this filtering and transforming is done and what the route should look like. Do I use the pattern filter in a process stage and then use an if statement in the route based on the pattern id?

Clients

im_msvistalog => om_tcp (binary)

w3c extension (im_file) => om_tcp (binary)

Server

im_tcp => ?????????? => ?????? (om_dbi but based on source message type: eventlog table | syslog table | iis log table | apache log table | security log table)

Can you point me in the right direction?


imperimus
Replies: 1
adm