Request trial
Request Trial

Problem sending new logs with im_file to remote SIEM

View thread
lucasbittencourt

I have a setup with nxlog to collect audit log files that come to me daily. Each day the file name changes.

I noticed that the incoming files are not sent to my remote SIEM, only the first one after restarting the NXLOG service.

Below is my NXLOG configuration using the im_file and on_tcp modules.

Would anyone have an idea how to resolve this?

 

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO


#######################################################################


EXTENTIONS


#######################################################################


<Extension _gelf>
Module      xm_gelf
</Extension>


<Extension _json>
Module      xm_json
</Extension>


<Input auditoria>
Module   im_file
File     "E:\Dataside\SIEM*.json"
ReadFromLast False
SavePos False


</Input>


<Output graylog>
Module om_tcp
Host 10.100.8.113
Port 5555
</Output>


<Route auditoria-to-graylog>
Path		auditoria => graylog
</Route>

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS