syslog

Post a question
4
responses

im_udp dropping syslog udp messages

Hi,

I'm working on a heavy log source which can only send syslog. Now currently i also have filters in the config to remove unwanted logs. I've noticed that some logs are successfully being processed whilst others are lost.

Through packet capture I was able to conclude that from log source to nxlog server udp packets are all being received. Seems like nxlog (config) can’t handle the large amount of syslog UDP messages coming in.

AskedFebruary 18, 2021 - 3:01pm
1
response

Regex/Variable

Hi,

I'm currently using nxlog to forward RADIUS messages via syslog to my firewall. However, it has recently started complaining that the packets are too big, and so fragmentation is occurring which it doesn't like.

The temporary fix was to force the packets to cut at 1450 bytes, and this is my current config:

Panic Soft
#NoFreeOnExit TRUE

AskedDecember 8, 2020 - 7:15pm
2
responses

Using Nxlog as syslog forwarder

I'm currently using nxlog to filter and forward syslog: Source => Filter Logs on intermediate server with nxlog installed => forward udp 514 (syslog).

Config looks like the following:

AskedJune 23, 2020 - 4:45pm
8
responses

Basic Configuration from syslog flat file to IBM QRadar - Connectivity seems to work, can't tell if I'm sending data.

We're using NX Log (CE) as a test to see if it will work for our purposes. The overall idea is to use it as a forwarder of syslog flat files to any brand of SIEM.

My config looks like this:

Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%

AskedNovember 19, 2018 - 3:08pm
2
responses

Problems sending Windows Eventlog to graylog

Hello everybody,

I'm sorry to bother you with another question concerning Windows Eventlog forwarding to graylog. Unfortunately I'm not able to figure this out on my own.

used versions:
nxlog 2.10.2102 (running on Windows Server 2016)
graylog 2.4.6 (running on Debian 9)

I have two nxlog setups. One using syslog and another one using GELF. Both do not work as I would expect.

1. Syslog

AskedSeptember 25, 2018 - 12:52pm

Pages