Hello everyone,
I have a window server that receives logs from other windows hosts (log collector) and from this last one, events are sent to a Fortisiem. The problem is that in SIEM the IP that appears is always the collector's IP and all host events are identified by that IP.
Is it possible to keep the original IP of each host?
Hi everyone!
You many help me, thanks a lot. I hope you kind to help me now.
My NXLog clients don't collect Windows System logs. And now I often see in my logs this message:
Hello, I have recently been trying up a syslog-ng server for various devices and have tried a couple of things for sending Windows Events to the server.
Finally decieded that NXLog will do what I need and I have gotten sent some events over without much configuration, but when trying filter within the .conf file, it always fails. I can't really find much good information as to why it might be failing, as it seems that it should be correct.(to me anyway)
I am trying to install nxlog on Windows server 2000. However, I get the error "Installation directory must be on a local hard drive."
I have tried using administrative command prompt, Same Error.
Can anyone help me out here?
Hi,
I'm using the im_msvistalog input to grab events from the Windows security log however the important information is being ignored.
This is one my Windows events:
