Many files sending logs to a Rsyslog server
I am currently using Nxlog CE v3.2.2329 in a Windows 10 21H2 virtual machine to send logs to an Rsyslog server using the RFC5424 version of Syslog.
For this configuration, I use im_msvistalog for input and om_tcp with the Exec to_syslog_ietf(); command to send them to the rsyslog server.
Path Source_Eventlogs => Dest_LogServer
On the rsyslog server I receive logs using a template that sends logs to the right folder and then the right log file.
I met a first issue with security logs, which were sent to a folder using the IP address. I assumed the issue was due to failed name resolution, and adding the Nxlog client name to the /etc/hosts file solved the first issue.
I met a second issue with Eventlogs, which create many folders in the rsyslog folder because the logs are sent without a hostname.
For example, I receive logs in a folder named VMICTimeProvider, and when I look at the notice.log file I can see that there is no hostname:
2023-07-22T09:18:39.022270+00:00. VMICTimeProvider (Local)
2023-07-23T09:40:51.040169+00:00. VMICTimeProvider (Local)
2023-07-24T08:03:51.264202+00:00. VMICTimeProvider (Local)
I tried to correct the reception on the rsyslog side with reception conditions like
But I have to add a line for every Windows collection in the file, and I think that if I want to transfer the logs to another file server, the log lines will still be missing the hostname and I will meet the same problem.
Thank you for your help.
The module will take the field called EvtSystemComputer to fill $Hostname → https://docs.nxlog.co/ce/current/index.html#im_msvistalog
If that's not present it will not be populated.
One way to work around it is a conditional → https://docs.nxlog.co/ce/current/index.html#lang_statement_if, defined operator → https://docs.nxlog.co/ce/current/index.html#lang_unary_operations
See the example there.
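
The workaround described in the reply, written out as an NXLog configuration. This is an added example, not part of the original thread or of NXLog's documentation; the instance names come from the question's Path line, while the server address and port, the empty-string check and the choice of hostname_fqdn() are assumptions.

```conf
# Added example: set $Hostname on the sender before the record is
# formatted as RFC 5424, so every message arrives with a host name
# and the rsyslog template sorts it into the right folder.

<Extension syslog>
    # Provides the to_syslog_ietf() procedure
    Module  xm_syslog
</Extension>

<Input Source_Eventlogs>
    Module  im_msvistalog
    <Exec>
        # If the event did not populate $Hostname (or left it empty,
        # which is an assumed extra case), fall back to the local
        # machine name. hostname() returns the short name instead.
        if not defined($Hostname) or $Hostname == ''
            $Hostname = hostname_fqdn();
    </Exec>
</Input>

<Output Dest_LogServer>
    Module  om_tcp
    # Placeholder address and port: replace with the rsyslog server's
    Host    rsyslog.example.com:514
    Exec    to_syslog_ietf();
</Output>

<Route Eventlogs_To_Rsyslog>
    Path    Source_Eventlogs => Dest_LogServer
</Route>
```

Because the value is fixed on the sender, the same records can be relayed to another server without per-source rules on the receiving side.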