We are using NXLog CE's im_msvistalog module to forward Windows Event Logs from the Security log, with some filtering, to an external syslog server. Functionally this works well and does exactly what we need it to.
I'm using nxlog-ce-2.11.2190.msi (Community Edition) on Windows 2016 to send Windows Logs to a syslog server.
If I put more than one Host to the <Output> section like
<Output to_splunk>
Module om_tcp
Host abc1.corp.net
Host abc2.corp.net
Host abc3.corp.net
Port 514
Exec to_syslog_ietf();
</Output>
Hi all,
I'm using CE.
Could you tell me how to write nxlog.conf?
I want to im_exec every 10Sec.
I have no idea about what should I write in schedule.
Hi all,
I'm looking for a debian Buster package for nxlog-ce but i've noticed that it's not available on the download page.
Is there a reason ? Can i expect a future release soon ?
Thank you very much for your assistance.
Paul.
Hi All,
I wonder if someone can answer this for me.
According to the documentation, it states that for a UDP client, the localport will be a random high port as per https://nxlog.co/documentation/nxlog-user-guide/om_udp.html
I have a situation where I am sending Zeek logs via UDP through a Google Seesaw load balancer see https://github.com/google/seesaw
