Recent threads

im_azure using proxy to connect to Azure environment
Hello,
We are setting up log collection from Azure Log Analytics workspace but the connection is not possible without B2B proxy. I see that Proxy setup is possible only with om_azure module. We need to read and collect the logs from the Azure environment and not to send it there. What should we do to make it happen? Without proxy the connection is not possible and we can't use nxlog for our new service. Is there any other module which could set the proxy by default etc.?
Thank you,
Martin W.

mwaszut created
Replies: 0
One Input Multiple Outputs (AlienVault/Nxlog)
We currently have a central logging server for our Windows Servers collecting and forwarding with NXLog to AlienVault. We have a working config file currently that I would like to modify to be able to send two of the Windows Event IDs that are being collected to our NDR (Vectra). What is the best route to be able to configure multiple sources and/or outputs? Currently we have two working configs, one for Vectra and one for AlienVault, but I'd like to "combine" them in a way that allows us to be able to send relevant data to their needed sources.
AlienVault uses a patterndb.xml file for what events it wants to collect, Vectra just needs two specific event IDs that it calls out in the log file with the below line. It then outputs to an IP. This seems like it should be pretty straightforward but I'd like to have it sort of configured/figured out before I bring down my AlienVault feed.
We are also currently using the Nxlog community edition if that matters.
    <Input eventlog>
        Module im_msvistalog
        <QueryXML>
            <QueryList>
                <Query Id="0" Path="ForwardedEvents">
                    <Select Path="ForwardedEvents">*[System[(EventID=4768 or EventID=4769)]]</Select>
                </Query>
            </QueryList>
        </QueryXML>
    </Input>

seppic created
Replies: 0
ERROR remote ssl socket was reset? (SSL_ERROR_SSL with errno=9); End of file found
Hi, I am trying to use an ssl connection between client and server in "server-side authentication only" mode. I placed the certificates in the respective /conf folder of nxlog server. These are the current configurations:
>>> CLIENT <<<
    <Output to_syslog_server>
        Module om_ssl
        Host 10.1.1.1
        Port 516
        Exec $Message = to_leef(); to_syslog_ietf();
    </Output>
>>> SERVER <<<
    <Input in_syslog_ssl>
        Module im_ssl
        Host 0.0.0.0
        Port 516
        CAFile %CERTDIR%/rootCA.pem
        CertFile %CERTDIR%/central.crt
        CertKeyFile %CERTDIR%/central.key
        KeyPass password
        FlowControl TRUE
        AllowUntrusted TRUE
        <Exec>
            if $raw_event =~ /LEEF/ parse_leef(); else parse_syslog();
        </Exec>
    </Input>
but it gives me this error:
    2019-09-06 17:43:26 ERROR remote ssl socket was reset? (SSL_ERROR_SSL with errno=9); End of file found
Do you have any ideas to solve this?
Thank you
Antonio

antoniosoc created
Replies: 2