I'm currently using nxlog to filter and forward syslog: Source => Filter Logs on intermediate server with nxlog installed => forward udp 514 (syslog).
Config looks like the following:
We're using NX Log (CE) as a test to see if it will work for our purposes. The overall idea is to use it as a forwarder of syslog flat files to any brand of SIEM.
My config looks like this:
Panic Soft
#NoFreeOnExit TRUE
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Hello everybody,
I'm sorry to bother you with another question concerning Windows Eventlog forwarding to graylog. Unfortunately I'm not able to figure this out on my own.
used versions:
nxlog 2.10.2102 (running on Windows Server 2016)
graylog 2.4.6 (running on Debian 9)
I have two nxlog setups. One using syslog and another one using GELF. Both do not work as I would expect.
1. Syslog
wiht the community eddition when the nxlog-ce is listening on /dev/log and for some reasons the systemd-journald (debian 9) removes the socket the nxlog blocks the compleate host. (even no login possible) after a restart of nxlog the host recovers.
Here is a sample event when using to_syslog_snare() in the nxlog.conf:
