3
responses

NxLog to QRadar with TLS

Hello Everybody, 

We are currently using nxlog to send Windows logs to QRadar SIEM utsing TLS.

It works fine, but I receive extra lines in QRadar. I receive empty logs (containing Cg== on base 64, which seems to be a carriage return or a line break). 

The problem appears only when using module om_ssl, not whith om_tcp or om_udp. We tried to remove line break or carriage return using nxlog configuration, but  we still have the behaviour. 

AskedJanuary 25, 2016 - 11:49am