NXLog search
Let's talk Start free
Let's talk Start free

Some windows devices not reporting while the majority will

Tags:
#1 sconnary32

Good day everyone!

I am starting to use NXLog:CE in my environment and am having a few windows devices not reporting to my Observium server. I have the same .conf deployed across all windows devices. I am attempting to pattern hunt what could be different but being enterprise devices they are not configured much differently. I have a local debug file running and I am seeing events being written on all devices.

I know this is not much detail but I would appreciate any suggestions of places to look.

Thank you in advance,

Scott

Permalink
#2 sconnary32
#1 sconnary32
Good day everyone! I am starting to use NXLog:CE in my environment and am having a few windows devices not reporting to my Observium server. I have the same .conf deployed across all windows devices. I am attempting to pattern hunt what could be different but being enterprise devices they are not configured much differently. I have a local debug file running and I am seeing events being written on all devices. I know this is not much detail but I would appreciate any suggestions of places to look. Thank you in advance, Scott

Here is my .conf:

<br/>## Set the ROOT to the folder your nxlog was installed into, <br/>## otherwise it won't start. <br/>#To change for your own system if necessary <br/>define ROOT C:\Program Files (x86)\nxlog <br/> <br/>Moduledir %ROOT%\modules <br/>CacheDir %ROOT%\data <br/>Pidfile %ROOT%\data\nxlog.pid <br/>SpoolDir %ROOT%\data <br/>LogFile %ROOT%\data\nxlog.log <br/>Define LOGOUT %ROOT%\data\nxlog_output.log <br/> <br/>##Extension to format the message in JSON format <br/><Extension json> <br/> Module xm_json <br/></Extension> <br/>##Extension to format the message in syslog format <br/><Extension syslog> <br/>Module xm_syslog <br/></Extension> <br/> <br/><Extension fileop> <br/> Module xm_fileop <br/> <br/># Check the size of our log file hourly, rotate if larger than 5MB <br/> <Schedule> <br/> Every 1 hour <br/> Exec if (file_exists('%ROOT%\data\nxlog_output.log') and \ <br/> (file_size('%ROOT%\data\nxlog_output.log') >= 5M)) \ <br/> file_cycle('%ROOT%\data\nxlog_output.log', 8); <br/> </Schedule> <br/> <br/> # Rotate our log file every week on Sunday at midnight <br/> <Schedule> <br/> When @weekly <br/> Exec if file_exists('%ROOT%\data\nxlog_output.log') file_cycle('%ROOT%\data\nxlog_output.log', 8); <br/> </Schedule> <br/></Extension> <br/> <br/> <br/>########## INPUTS ########### <br/>##Input for windows event logs <br/><Input in> <br/># Use 'im_mseventlog' for Windows XP, 2000 and 2003 <br/>Module im_msvistalog <br/># Uncomment the following to collect specific event logs only <br/>Query <QueryList>\ <br/><Query Id="0">\ <br/><Select Path="Application">*</Select>\ <br/><Select Path="System">*</Select>\ <br/><Select Path="Security">*</Select>\ <br/></Query>\ <br/></QueryList> <br/></Input> <br/>############ OUTPUTS ############## <br/>##TCP output module <br/><Output out> <br/> Module om_udp <br/> Host x.x.x.x <br/> Port 514 <br/> Exec to_syslog_ietf(); <br/> Exec $Message = replace($Message, "\t", " "); $Message = replace($Message, "\n", " "); $Message = replace($Message, "\r", " "); <br/> Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event); <br/></Output> <br/>############ ROUTES TO CHOOSE ##### <br/><Route 1> <br/> Path in => out <br/></Route> <br/> <br/>
Login to see more