Forwarding events from Windows eventlog collector's "Forwarded Events" to Sumo

Hi All,

Checking to see if anyone has run into this. I have a Windows eventlog collector, with a subscription set up to move specific security audit events to the "Forwarded Events" log. From there, I am looking to push those logs to Sumologic. Unfortunately Sumo's collector does not handle this well due to the out-of-sequence EventRecordID of the various events coming from the multiple desktops/servers we're collecting from.

Asked March 20, 2017 - 4:35pm

regex to drop certain string from message

Hello All,


I am new to nxlog, or rather to the logic of regex and all.

I am looking to drop any message which has *.*.*.255 in the message field. I tried the below; however, it does not seem to be working for me:


Exec if $Message =~ /^([01][0-9][0-9]|2[0-4][0-9]|25[0-5]) . ^([01][0-9][0-9]|2[0-4][0-9]|25[0-5]) . ^([01][0-9][0-9]|2[0-4][0-9]|25[0-5]) . 255/  drop();


Please suggest

Asked March 20, 2017 - 2:46pm
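The pattern in the question fails for two reasons: the `^` anchors in the middle of the expression can never match (they only match at the start of the message), and the unescaped, space-padded `.` does not match the literal dots of a dotted-quad address. The following is an added example, not the poster's code nor part of nxlog, that writes the `x.x.x.255` check correctly in Python and runs it over constructed sample messages so the drop/keep decision can be verified offline:

```python
import re

# One IPv4 octet, 0-255. Alternatives are ordered longest-first so that
# "255" is not matched as "25" followed by a stray "5".
OCTET = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])"

# Dotted quad whose last octet is 255 (e.g. a subnet broadcast address).
# Dots are escaped so they match a literal '.', the pattern is not anchored
# with '^' so the address may appear anywhere in the message, and the
# lookarounds stop it matching inside a longer token such as 1.2.3.2550.
BROADCAST_RE = re.compile(
    rf"(?<![\d.]){OCTET}\.{OCTET}\.{OCTET}\.255(?![\d.])"
)


def is_broadcast_message(message: str) -> bool:
    """Return True if the message contains an address of the form x.x.x.255."""
    return BROADCAST_RE.search(message) is not None


def filter_messages(messages):
    """Split messages into (kept, dropped), mirroring nxlog's 'if ... drop()'."""
    kept, dropped = [], []
    for msg in messages:
        (dropped if is_broadcast_message(msg) else kept).append(msg)
    return kept, dropped


# Constructed sample messages for demonstration; not real log data.
SAMPLE_MESSAGES = [
    "NetBIOS name query from 192.168.1.45 to 192.168.1.255",
    "Accepted publickey for admin from 10.0.0.17 port 51022",
    "Dropped packet 172.16.0.255 -> 172.16.0.1 proto udp",
    "Counter reached 1.2.3.2550 on host web01",  # not an address ending in .255
    "Version 1.2.255 installed",                  # only three octets
]

if __name__ == "__main__":
    kept, dropped = filter_messages(SAMPLE_MESSAGES)
    for msg in dropped:
        print("DROP:", msg)
    for msg in kept:
        print("KEEP:", msg)
```

The same regular expression, without the surrounding Python, is what would go between the slashes of the `Exec if $Message =~ /.../ drop();` directive shown in the question.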

Collecting & storing windows syslog locally on host machine

Hi there!

I am a college student... I am working on a Windows event logger to collect & analyse Windows logs (event & syslog).

I don't know how to configure the nxlog.conf file such that ... I can get all Windows-generated logs locally on the host machine.

Waiting for reply.

Thank You

Asked March 16, 2017 - 7:28am