Good day Family

I have a problem with nxlog on Linux, I am having difficulties pulling records from an oracle DB using the agent. Has anyone done it before?

Please help

I have been looking for a way of aggregating disparate logs and according to the Web NXLog is what I need. I have installed NXLog Community Edition and that's it. It a running. I had hoped for some form of web interface and from that a way of collecting log files. But I cannot seem to find anything of such ilk. I suspect I am missing something obvious, which is normal as I am partially sighted and tend to miss the obvious. If anyone could please spare the time to start me going collecting and reading logs, I would be extremely grateful.

Ubuntu 18.04 VM Many thanks and kind regards,

jB

Hello:

I have been working on setting up an intermediary SYSLOG Server to receive syslog events from various network devices as part of my Splunk deployment.
Please NOTE: This a WINDOWS 2019 Server environment.

I am a newbie to NXLog . I have been able to get a base configuration working to receive data on port 514. I can successfully write to a file but the only option that seems to work is to write to file using the source IP Address, but I want to write to a file using the source Hostname.

I am using the Community Edition and do not have access to use xm_resolver.

How can I receive syslog data and write that data to file using source HOSTNAME?

I have been researching and trying now for close to a month with no success. Any information / guidance would be greatly appreciated.

Thank you for your time. Regards, --Diane Proscino

I would like to send IIS v8.5 logs over to a Linux syslog server. I have all parts installed, but need help with the nxlog agent configuration on the IIS server (Win2012 R2). My current configuration is attached. There are errors in the Win2012 nxlog agent's log file, and I am unable to fix them all, they are attached as well. I had to comment out parts like writing to a local file in order to get the agent running. I would like to have that work as well. It created the file but it's empty. Config (errors are further below): ## Please set the ROOT to the folder your nxlog was installed into, ## otherwise it will not start. #define ROOT C:\Program Files\nxlog define ROOT C:\Program Files (x86)\nxlog define CERTDIR %ROOT%\cert Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log Module xm_syslog # Module xm_fileop Module xm_csv Fields date, time, s-ip, cs-method, cs-uri-stem, cs-uri-query, \ s-port, cs-username, c-ip, cs(User-Agent), cs(Referer), \ sc-status, sc-substatus, sc-win32-status, time-taken FieldTypes string, string, string, string, string, string, integer, \ string, string, string, string, integer, integer, integer, \ integer Delimiter ' ' EscapeChar '"' QuoteChar '"' EscapeControl FALSE UndefValue - Module im_file File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\\\*.log" if $raw_event =~ /^#/ drop(); else { w3c_parser->parse_csv(); $EventTime = parsedate($date + "T" + $time + ".000Z"); } # # Module om_tcp # File 'C:\outputiis.log' # Exec to_syslog_bsd(); # Module om_tcp Host 10.0.3.163 Port 514 Exec to_syslog_bsd(); Path iis_w3c => out_tcp Path iis_w3c => out_file_iis Module xm_json Module xm_charconv AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2, ucs-2le ########################################## ## NXLOG INTERNAL LOG ## ########################################## # Nxlog internal logs - Recommended to keep this turned ON so error(s)/Issues with NXLog are reported. Module im_internal Exec $Hostname = hostname_fqdn(); Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json(); ########################################## ## FLAT FILES ## ########################################## ## http://nxlog-ce.sourceforge.net/nxlog-docs/en/nxlog-reference-manual.html#im_file ## Input to watch a file of your choosing. After Input, name it whatever you want to describe that NXLog ## is pulling, then add that name to the path in Route 1 after eventlog. Can be separated for filtering diff logs. ## After setting the Message as raw_event this converts the message to UTF-8, drops empty messages ## removes extra whitespace, grabs the file name as LogFile, adds the FQDN, and deletes a useless var ## Pulls all logfiles from the default ITS Log Location ## It is Recommended to LEAVE THIS ENABLED ## Ensure that "ITS_Logs" is specified in the correct Route at the bottom for output Module im_file File "C:\\ITS\\Logs\\\\*.log" SavePos TRUE Recursive TRUE Exec $Message = $raw_event; Exec $Message = convert($Message, "ucs-2le", "utf-8"); Exec if $Message == '' drop(); Exec if $Message =~ s/^\s+//g log_debug("whitespace removed"); Exec if file_name() =~ /([^\\]+)$/ $LogFile = $1; Exec $Hostname = hostname_fqdn(); Exec delete($SourceModuleType); Exec $EventTime = $EventReceivedTime; Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; Exec to_json(); Error Message: 2019-09-11 12:08:56 ERROR if-else failed at line 46, character 9 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; procedure 'parse_csv' failed at line 44, character 36 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; cannot parse integer "/", invalid modifier: '/' 2019-09-11 12:09:26 ERROR last message repeated 5 times

Hello, I have a WEC server receiving the logs form my network computers, in this server I have the NXLog community edition to forward this logs, but in the exabeam analytics does not see logs from the machines the login and log out, I feel that the nxlogs does not forward all events, Do I need to use other version of client or what else should I do to verify if is send the full log?

Regards

Ben

Hi,

I'm trying to transfer two different csv files having different set of columns to a location. I'm trying to define them in one config file. I would like to know how we define the Extension module for this scenario since xm_csv is going to be the common one for the entire file. Is there any option to use more than one extension module with xm_csv specific to each file?

Sample: Is this possible in one config file?

Extension <Extension csv_parser> Module xm_csv Fields A,B,C,D Delimiter , </Extension>

<Extension csv_parser> Module xm_csv Fields E,F,G Delimiter , </Extension>