NXLOG version: NXLog CE 3.0.2272
OS version: Windows 2019 server
Issue: file_name() returns "unknown" in im_file module
Config:
<Input in_AppABC>
Module im_file
<Exec>
log_info('Filename is' + file_name());
</Exec>
File "C:\logs\AppABC.log"
</Input>
On our Graylog server we have GELF over TCP enabled. I use the following as a prototype Windows Server config file, with all relevant log paths defined for various services. We then just erase the lines we dont' want. I don't think I've seen a sample template, so this would have been useful when I was first building. Important to note, we didn't find any useful logs in event log for sharepoint, sccm, SQL Server, IIS, or Dynamics CRM, they log separately:
Hello,
I parameterized as seen in the examples the nxlog configuration file for the logs of my Windows 2016 servers, but when I restart the services with them. In the nxlog files I find this:
nxlog failed to start: Expected </Extension_gelf> but saw </Extension> at C:\Program Files (x86)\nxlog\conf\nxlog.conf:48
nxlog failed to start: Expected </Extension_gelf> but saw </Extension> at C:\Program Files (x86)\nxlog\conf\nxlog.conf:48
Hello everyone,
I have a window server that receives logs from other windows hosts (log collector) and from this last one, events are sent to a Fortisiem. The problem is that in SIEM the IP that appears is always the collector's IP and all host events are identified by that IP.
Is it possible to keep the original IP of each host?
Hi everyone!
You many help me, thanks a lot. I hope you kind to help me now.
My NXLog clients don't collect Windows System logs. And now I often see in my logs this message: