Need to Remove Timestamp in the default Payload which was added by NXLog Server

#1 BC_471242

Default Payload from Source Host: <134>1 1515988859.626061236 appliance flows src=172.21.84.107 dst=10.52.193.137 mac=5C:E0:C5:22:85:E4 protocol=tcp sport=50395 dport=443 pattern: allow all

Payload Generated by NXLog Server: <134>May 7 15:18:02 10.101.100.193 1515988859.626061236 appliance flows src=172.21.84.107 dst=10.52.193.137 mac=5C:E0:C5:22:85:E4 protocol=tcp sport=50395 dport=443 pattern: allow all

Hi,

I have a source machine which is sending logs to an NXLog server, and the NXLog server forwards the logs to QRadar. But the payload seems to be different on the NXLog server and QRadar. A timestamp is being added additionally by the NXLog server and forwarded to QRadar. Is there a way to make a change on the NXLog server to forward the default log to QRadar?

#2 rafDeactivated Nxlog ✓

Hello,

In order to help you find the solution, could you share your conf file?

Best regards,
Rafal