NXLogAgent: Sometimes cannot forward logs to FortiSIEM (Agent stops running)

#1 Sunat Praphanwong

I would like to ask: in some circumstances the NXLogAgent on Windows cannot forward logs to FortiSIEM (sometimes the agent stops by itself), and I need to manually restart the agent to get it running again. Is this situation abnormal or not?

Another question is about the log format: can it be parsed by FortiSIEM, or do I need a custom parser to parse this log format, or can someone provide this parser to me?

Best Regards, 

#2 gahorvath

Hello Sunat,

The NXLog agent stopping is usually indicative of a problem.

Please look at the Event Viewer to see if there is anything about the nxlog service there, and check the nxlog.log file.

As for the FortiSIEM, I'll have to look up what input formats it can accept. I'll be back :)