Problem sending new logs with im_file to remote SIEM
I have a setup with nxlog to collect audit log files that come to me daily. Each day the file name changes.
I noticed that the incoming files are not sent to my remote SIEM, only the first one after restarting the NXLOG service.
Below is my NXLOG configuration using the im_file and om_tcp modules.
Would anyone have an idea how to resolve this?
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO

#######################################################################
# EXTENSIONS
#######################################################################
<Extension _gelf>
    Module xm_gelf
</Extension>

<Extension _json>
    Module xm_json
</Extension>

# Daily audit log files; the file name changes each day
<Input auditoria>
    Module im_file
    File "E:\Dataside\SIEM*.json"
    ReadFromLast False
    SavePos False
</Input>

# Remote SIEM over TCP
<Output graylog>
    Module om_tcp
    Host 10.100.8.113
    Port 5555
</Output>

<Route auditoria-to-graylog>
    Path auditoria => graylog
</Route>