nxlog service is stopping with - WARNING nxlog-ce received a termination request signal, exiting...
I am having problems with the nxlog service being stopped randomly with the log entry:
"WARNING nxlog-ce received a termination request signal, exiting..."
I have nxlog installed on a Windows 2016 server, sending PowerShell Windows event logs to a Rapid7 IDR SIEM collector.
I have looked in the Application, Security and System Windows event logs, but I can't see what is stopping it. I am new to nxlog, so it could well be my config:

Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf\nxlog.d
define LOGDIR %ROOT%\data

include %CONFDIR%\\*.conf

define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
LogLevel DEBUG

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension _syslog>
    Module xm_syslog
</Extension>

# Input: PowerShell logs only
<Input powershell_logs>
    Module im_msvistalog
    PollInterval 30
    Query <QueryList>\
            <Query Id="0">\
              <Select Path="Microsoft-Windows-PowerShell/Admin">*</Select>\
              <Select Path="Microsoft-Windows-PowerShell/Operational">*</Select>\
              <Select Path="Windows PowerShell">*</Select>\
            </Query>\
          </QueryList>
</Input>

# Output: Send to SIEM at 10.20.2.10:1563
<Output to_siem>
    Module om_udp
    Host 10.20.2.10
    Port 1563
    Exec to_syslog_snare();
</Output>

# Route: PowerShell logs => SIEM
<Route 1>
    Path powershell_logs => to_siem
</Route>