Hello,

We are deploying NXLog Enterprise on a fleet of macOS devices with the goals to collect endpoint events even remotely. Which mean Graylog GELF exposed over Internet, with TLS encryption and certificate authentication requirements.

I see that om_ssl can do the job of TLS communication and even client authentication, but the settings I see are using file path for the Private Key.

Is there a way to have NXLog with om_ssl on macOS using a certificate from the System Keychain ?

Thanks

Hello everybody, I'm sorry to bother you with another question concerning Windows Eventlog forwarding to graylog. Unfortunately I'm not able to figure this out on my own. used versions: nxlog 2.10.2102 (running on Windows Server 2016) graylog 2.4.6 (running on Debian 9) I have two nxlog setups. One using syslog and another one using GELF. Both do not work as I would expect. **1. Syslog** ``` Module xm_syslog Module im_msvistalog Exec delete($Keywords); Exec if ($EventType == "VERBOSE") drop(); Module om_tcp Host graylog Port 5140 Exec $raw_event = replace($raw_event, "\n", " "); Exec $raw_event = replace($raw_event, "\r", " "); Exec $raw_event = replace($raw_event, "\t", " "); Exec to_syslog_ietf(); Path eventlog => out_graylog ``` The problem is that there are eventlog entries containing line breaks. Unfortunately they are not removed by the replace commands. So in graylog one message is split into many messages with every linebreak. Using wireshark I can observe that the linebreaks consist of LF characters (Unix line endings). **2. Gelf** ``` Module xm_gelf Module im_msvistalog Exec delete($Keywords); Exec if ($EventType == "VERBOSE") drop(); Module om_tcp Host graylog Port 12201 OutputType GELF Path eventlog => out_graylog ``` Unfortunately this setup does not work at all. No messages are showing up in Graylog (of course I've activated the correspnding input). Using wireshark I can observe that a lot of TCP packets are sent to graylog but none of them contain readable messages. Can anybody help me with either setup? Thanks and Regards, Carsten

I have a very basic setup. I was easily able to get the general syslog functionality working.

I have been unable to get the file transport working. I've spent several days trying alternative configurations and Googling for help; all to no avail.

I also tested with om_file - trying to just grab the file and output it locally - the outcome was just a blank file.

Any help will be greatly appreciated.

Here is my config:

define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO

<Extension gelf>
    Module  xm_gelf
</Extension>

<Extension _syslog>
module xm_syslog
</extension>

<Input 1>
    Module    im_file
    file    "C:\\MSSQL\\ERRORLOG"
</Input>

<Output 2>
    Module om_tcp
    Host 192.168.1.50
    Port 5550
    OutputType  GELF_TCP
</Output>

<Route 3>
  Path 1 => 2
</Route>