Request trial
Request Trial

xm_w3c does not work NXlog EE

View thread
absolis

hello, I am testing the NXlog EE, but the module xm_w3c does not work, do not parse the logs of BRO, you can help me.

<Extension w3c>
    Module xm_w3c
    Delimiter ,
</Extension>

<Input i.bro.log>
    Module im_file
    File "/mnt/*.log"
    InputType w3c
</Input>
<Output o.bro.log>
   Module om_ssl
   Host 192.168.0.38
   Port 10525
   CAFile /data/conf/ca.crt
   AllowUntrusted TRUE
</Output>
<Route r.bro.log>
    Path i.bro.log => o.bro.log
</Route>

# ./nxlog-processor 
2017-12-27 20:38:33 INFO connecting to 192.168.0.38:10525
2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S'
2017-12-27 20:39:47 ERROR last message repeated 15 times
2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE
2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE
2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S'
2017-12-27 20:39:47 ERROR last message repeated 10 times
2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE
2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S'
2017-12-27 20:39:47 ERROR last message repeated 34 times
2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE

Bro Files ![Bro files][Bro files]

Graylog2 Graylog2

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS