Hi!
We have nxlog ce running in a Windows machine. It works ok.
- If time is changed to the future, it continues forwarding logs.
- However, if time is changed to the past, logs are not forwarded anymore. This affects to logs from windows events, from a text file, etc.
NXLOG version: NXLog CE 3.0.2272
OS version: Windows 2019 server
Issue: file_name() returns "unknown" in im_file module
Config:
<Input in_AppABC>
Module im_file
<Exec>
log_info('Filename is' + file_name());
</Exec>
File "C:\logs\AppABC.log"
</Input>
On our Graylog server we have GELF over TCP enabled. I use the following as a prototype Windows Server config file, with all relevant log paths defined for various services. We then just erase the lines we dont' want. I don't think I've seen a sample template, so this would have been useful when I was first building. Important to note, we didn't find any useful logs in event log for sharepoint, sccm, SQL Server, IIS, or Dynamics CRM, they log separately:
Hello,
I parameterized as seen in the examples the nxlog configuration file for the logs of my Windows 2016 servers, but when I restart the services with them. In the nxlog files I find this:
nxlog failed to start: Expected </Extension_gelf> but saw </Extension> at C:\Program Files (x86)\nxlog\conf\nxlog.conf:48
nxlog failed to start: Expected </Extension_gelf> but saw </Extension> at C:\Program Files (x86)\nxlog\conf\nxlog.conf:48
Hello everyone,
I have a window server that receives logs from other windows hosts (log collector) and from this last one, events are sent to a Fortisiem. The problem is that in SIEM the IP that appears is always the collector's IP and all host events are identified by that IP.
Is it possible to keep the original IP of each host?