Sending Windows Defender event logs to syslog properly

Hi,

I want to use nxlog to send all Windows logs to syslog, plus Microsoft-Windows-Windows Defender/Operational; however, as "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog" doesn't seem to include "Microsoft-Windows-Windows Defender", it doesn't read that config in at start and send those Windows Defender logs.

Asked June 28, 2020 - 8:16am
1 response

Deleting fields from message

I am trying to reduce the size of the message sent from my Windows event logs to graylog and I cannot for the life of me figure out how to tell it to drop certain fields.

The only thing I can figure out is that I'm supposed to use delete(), but how to use it and where to place it in my config is very frustrating.

Asked June 26, 2020 - 8:10pm
2 responses

Using Nxlog as syslog forwarder

I'm currently using nxlog to filter and forward syslog: Source => Filter Logs on intermediate server with nxlog installed => forward udp 514 (syslog).

Config looks like the following:

Asked June 23, 2020 - 4:45pm
3 responses

Guidance on filtering / per line additions - Config Help

Hi All,

Needed help with parsing/modifying. Would greatly appreciate some direction. At the moment, I am parsing a plain-text log file and sending it to a remote server:

Jun 19 16:29:28 server12345 [...] 
Jun 19 16:29:28 server12345 --- 
Jun 19 16:29:27 server12345 [program.state :3371]

The above is what I get with parsing. I was hoping to make every line transform like this:

Asked June 22, 2020 - 10:07pm
1 response

End process when EOF Reached

Hello - new to nxlog. Trying to end nxlog process when EOF reached on input file. Any help appreciated.

Thanks,
Andrew

Asked June 22, 2020 - 7:00pm