Some Windows devices not reporting while the majority will
Good day everyone!
I am starting to use NXLog:CE in my environment and am having a few Windows devices not reporting to my Observium server. I have the same .conf deployed across all Windows devices. I am attempting to pattern hunt what could be different but being enterprise devices they are not configured much differently. I have a local debug file running and I am seeing events being written on all devices.
I know this is not much detail but I would appreciate any suggestions of places to look.
Thank you in advance,
Scott
```
## Set the ROOT to the folder your nxlog was installed into,
## otherwise it won't start.
#To change for your own system if necessary
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
Define LOGOUT %ROOT%\data\nxlog_output.log

##Extension to format the message in JSON format
<Extension json>
    Module xm_json
</Extension>

##Extension to format the message in syslog format
<Extension syslog>
    Module xm_syslog
</Extension>

<Extension fileop>
    Module xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
        Every 1 hour
        Exec if (file_exists('%ROOT%\data\nxlog_output.log') and \
            (file_size('%ROOT%\data\nxlog_output.log') >= 5M)) \
            file_cycle('%ROOT%\data\nxlog_output.log', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        When @weekly
        Exec if file_exists('%ROOT%\data\nxlog_output.log') file_cycle('%ROOT%\data\nxlog_output.log', 8);
    </Schedule>
</Extension>

########## INPUTS ###########
##Input for windows event logs
<Input in>
    # Use 'im_mseventlog' for Windows XP, 2000 and 2003
    Module im_msvistalog
    # Uncomment the following to collect specific event logs only
    # (the channel names for each Select Path are not shown in this post;
    # CHANNEL_NAME_1..3 are placeholders)
    Query <QueryList>\
        <Query Id="0">\
            <Select Path="CHANNEL_NAME_1">*</Select>\
            <Select Path="CHANNEL_NAME_2">*</Select>\
            <Select Path="CHANNEL_NAME_3">*</Select>\
        </Query>\
    </QueryList>
</Input>

############ OUTPUTS ##############
##UDP output module
<Output out>
    Module om_udp
    Host x.x.x.x
    Port 514
    Exec to_syslog_ietf();
    Exec $Message = replace($Message, "\t", " "); $Message = replace($Message, "\n", " "); $Message = replace($Message, "\r", " ");
    Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event);
</Output>

############ ROUTES TO CHOOSE #####
<Route 1>
    Path in => out
</Route>
```