CentOS 7 NXLog EE not forwarding
I have a fresh install of CentOS 7 and NXLog EE.
The Config File was restored from a previous install.
The logs are coming into the system but do not appear to be sending out. The only events I see in the NXLog.Log file are related to the SSL Cert not being available for agent-ca.pem.
2019-05-30 16:51:27 INFO nxlog-4.4.4347 started 2019-05-30 16:51:27 ERROR SSL error, failed to load ca cert from '/opt/nxlog/var/lib/nxlog/cert/agent-ca.pem', reason: No such file or directory, no such file, system lib 2019-05-30 16:53:11 INFO configuration OK
I would assume this is at the system level but am not sure what it might be.
Anyone have any experience setting up and configuring NXLog on CentOS?
2019-05-30 16:51:27 ERROR SSL error, failed to load ca cert from '/opt/nxlog/var/lib/nxlog/cert/agent-ca.pem', reason: No such file or directory, no such file, system lib
This is likely due to the conf file referencing log4ensics.conf.
# By default, `LogFile %MYLOGFILE%` is set in log4ensics.conf. This # allows the log file location to be modified via NXLog Manager. If you # are not using NXLog Manager, you can instead set `LogFile` below and # disable the `include` line. #LogFile %MYLOGFILE% include %CONFDIR%/log4ensics.conf
As for the main issue you are having, it is hard to say without knowing more about your setup and environment.
The general way to see where your events are internally is to add
log_info($SourceModuleName + " : " + $raw_event); style statements to see events in context.
Setting up an
Output in the
Route can help as well. After you have established the Input and Output is working as expected, make sure that it is being put on the network with tcpdump or wireshark or similar. If seeing if fields are created/passed correctly is a concern, you could use
to_json(); to see the fields clearly.