Schedule | Log collection solutions

#1 gavin.lacey@telegraph.co.uk 11 months ago

I have noticed that my alerts are about 2 hours behind. My SIEM rule retrohunts every 10 minutes.

What is the default schedule for nxlog community edition?

I think I need to input code similar to the below to make my rule retrohunts trigger in a more realtime way

<Input in> Module im_tcp Port 2345

<Schedule> Every 1 sec First 2010-12-17 00:19:06 Exec log_info("scheduled execution at " + now()); </Schedule>

<Schedule> When 1 */2 2-4 * * Exec log_info("scheduled execution at " + now()); </Schedule></Input>

Permalink

#2 gahorvath Nxlog ✓ 11 months ago

Apart from the formatting your config looks OK.

<Input in>
   Module  im_tcp
   Port    2345
   <Schedule>
          Every   1 sec
          First   2010-12-17 00:19:06       
          Exec    log_info("scheduled execution at " + now());   
   </Schedule>
   <Schedule>
          When    1 */2 2-4 * *       
          Exec    log_info("scheduled execution at " + now());   
   </Schedule>
</Input>

Is this not caused by timezone differences?