0
responses

NXLog and DHCP Log Files issue

Hi All,

I am using NXlog to forward DHCP events from Windows DHCP Servers. This is working as intended, however I have the following issue:

At midnight DHCP rotates the log file used for the next day and archives off the old one. When this occurs I get the following Events logged by DHCP to the Windows Event Log:

"The DHCP service failed to initialize the audit log. The following error occurred:
Access is denied."

AskedJuly 29, 2022 - 12:17pm
1
response

KISS: beginner's problems with im_file and om_file

Hello nxlog world,

Shamed to say, I've spent entire yesterday trying to figure out how to read Windows DHCP log files and ship the events to ElasticSearch.

Problem was with using direct path for folder C:\Windows\System32\dhcp\. Managed to get nxlog to read by sharing the folders (read-only permissions) to the user account used for nxlog service account logon.

AskedJanuary 21, 2016 - 11:45am
8
responses

"Input file does not exist"

I am using the following im_file configuration to try to collect Windows DHCP Server logs:

## Input module for Microsoft DHCP server audit logs
<Input dhcp>
    Module im_file
    File "C:\\Windows\\System32\\Dhcp\\DhcpSrvLog-*.log"
    SavePos TRUE
    PollInterval 180
    Exec to_syslog_bsd();
</Input>

AskedJune 25, 2015 - 1:37pm