Request trial
Request Trial

Basic Setup

View thread
NF_862205

Have created this simple agent to send agent logs to a central server.
Is it possible to bulk this and only send once per hour ?
What requirements to use the same as agentless ?
When I add a second agent, how does the NXlog server separate the logs ?
I then want to forward all logs on NXlog server to SIEM or Elastic , how to forward ? possible to bult this aswell

<Input syslog>
Module im_msvistalog
<QueryXML>
<QueryList>
<Query Id='0'><Select Path='System'>[System[(Level &lt;= 3)]]</Select></Query>
<Query Id='1'><Select Path='Application'>[System[(Level &lt;= 3)]]</Select></Query>
<Query Id='2'><Select Path='Security'>*[System[(Level &lt;= 3)]]</Select></Query>
</QueryList>
</QueryXML>
</Input>

<Output forward>
Module om_tcp
Host x.x.x.x
Port 1514
</Output>

#################### ROUTE ###########
<Route r>
Path syslog => forward
</Route>

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS