1
answer

KISS: beginner's problems with im_file and om_file

Hello nxlog world,

Shamed to say, I've spent entire yesterday trying to figure out how to read Windows DHCP log files and ship the events to ElasticSearch.

Problem was with using direct path for folder C:\Windows\System32\dhcp\. Managed to get nxlog to read by sharing the folders (read-only permissions) to the user account used for nxlog service account logon.

AskedJanuary 21, 2016 - 11:45am
2
answers

"Input file does not exist"

I am using the following im_file configuration to try to collect Windows DHCP Server logs:

## Input module for Microsoft DHCP server audit logs
<Input dhcp>
    Module im_file
    File "C:\\Windows\\System32\\Dhcp\\DhcpSrvLog-*.log"
    SavePos TRUE
    PollInterval 180
    Exec to_syslog_bsd();
</Input>

AskedJune 25, 2015 - 1:37pm