Request trial
Request Trial

WIndows Log dont seem to match what NZLog is sending?

View thread
LogicalSolutions

Hey All,

A bit of a newbee and trying to get NXLOG working with GrayLog. It is working and I'm seeing the information. The issue is that the information I'm seeing does not seem to match the PC's event logs.

Please see below Config File:

<Extension _exec> Module xm_exec </Extension>

<Extension _fileop> Module xm_fileop

# Check the size of our log file hourly, rotate if larger than 5MB
&lt;Schedule&gt;
    Every   1 hour
    Exec    if (file_exists('%LOGFILE%') and \
               (file_size('%LOGFILE%') &gt;= 5M)) \
                file_cycle('%LOGFILE%', 8);
&lt;/Schedule&gt;

# Rotate our log file every week on Sunday at midnight
&lt;Schedule&gt;
    When    @weekly
    Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
&lt;/Schedule&gt;

</Extension>

<Extension _gelf> Module xm_gelf </Extension>

<Input win> Module im_msvistalog </Input>

Converting events to Snare format and sending them out over TCP syslog

<Output graylog> Module om_udp Host X.X.X.X Port 3514 OutputType GELF </Output>

<Route graylog_route> Path win => graylog </Route>

Any ideas about what I'm doing wrong????

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS