7 responses

Run-away logging involving NXLog

For about 5 years, I've been using NXLog to forward Windows logs from all of my Windows servers into a Graylog server. Recently, one of the servers developed an issue where there will be event ID 5156 ("The Windows Filtering Platform has permitted a connection") triggered when NXLog sends logs to the Graylog server, which triggers another event ID 5156, which triggers another and another and another and so on.

Asked October 10, 2019 - 5:28pm
1 response

Common format for Windows, internal logs and my app logs

TL;DR: what's the recommended way of converting logs to a common (e.g. GELF) format?

I'm using NXLog together with Logstash and Elasticsearch. I'm collecting logs from Windows, NXLogs (internal) and my app logs using line-based JSON.

Asked April 12, 2015 - 3:16pm