Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.

Tổ hợp Sun Riverpolis Đà Nẵng
Tổ hợp Sun Riverpolis Đà Nẵng Đà Nẵng sẵn sàng tâm thế đón làn sóng đầu tư mới. Phát biểu tại Diễn đàn, chủ toạ UBND thị thành Lê Trung Chinh cho biết, dù gặp nhiều khó khăn và chịu ảnh hưởng của đại dịch COVID-19, song thành thị luôn có sự chủ động và sẵn sàng để chuẩn bị đón các làn sóng dịch chuyển đầu tư mới. "Việc phủ rộng tiêm phòng vaccine cho toàn thể người dân, trong đấy mang những nhà đầu tư, các chuyên gia nước ngoài; việc thành lập những tổ công tác xúc tiến, dỡ gỡ khó khăn gặp khó khăn cho doanh nghiệp, nhà đầu tư do những đồng chí lãnh đạo của thị thành chủ trì để khai triển những dự án… đã khẳng định sự cam kết đồng hành của đô thị trong quyết tâm kiến lập niềm tin trong cộng đồng công ty và nhà đầu tư đối sở hữu môi trường đầu cơ của tỉnh thành Đà Nẵng", chủ tịch UBND thành thị Lê Trung Chinh nhấn mạnh. với chủ đề năm 2022 là “Năm thích nghi an toàn, cởi mở, kiểm soát hiệu quả dịch bệnh và hồi phục, phát triển kinh tế - phường hội” cùng những cơ chế, định hướng to đối mang sự trở thành xã trong khoảng Trung ương cộng mang sự kiểm soát tốt dịch bệnh COVID-19 thì đây chính là thời khắc phù hợp để Đà Nẵng đẩy nhanh tốc độ khai triển những Dự án và thu hút đầu cơ mạnh mẽ. Xem thêm: bán đất đầm sen nam hòa xuân. “Thành phường kỳ vọng Diễn đàn lần này sẽ thúc đẩy công tác thu hút đầu tư; tạo ra bước chuyển trong việc hiện thực hóa những Công trình động lực, trọng tâm ủ ấp trong suốt thời gian qua của đô thị. cùng lúc, được thấu hiểu và lắng nghe các quan niệm, yêu cầu từ toàn thể quý vị về các biện pháp khắc phục các rào cản, hạn chế; phát huy những lợi thế, tiềm năng và đón đầu hiệu quả các làn sóng chuyển dịch đầu tư đối sở hữu thị thành Đà Nẵng. trong khoảng đấy, chúng ta cùng chung tay để từng bước hiện thực hóa mục tiêu xây dựng một đô thị Đà Nẵng - đáng sống, đáng khiến cho việc và đáng đầu tư”, chủ tịch UBND tỉnh thành Lê Trung Chinh san sớt. Để đạt được những mục tiêu đề ra, theo chủ toạ UBND thị thành Lê Trung Chinh, trong khoảng lãnh đạo tới công chức của thị thành phải đổi mới tư duy, xác định những bí quyết làm cho mới 1 cách cụ thể, thích hợp mang quy định pháp lý và thực tế đặt ra; cũng như đặt người dân và doanh nghiệp ở vị trí đẹp của mỗi chính sách. đồng thời, rất cần sự dai sức, thông minh và sáng láng trong hồ hết hệ thống chính trị của thành phố; sự san sớt, đồng thuận từ phía người dân, cùng đồng công ty, nhà đầu tư; và đặc thù là sự định hướng, chỉ đạo kịp thời của lãnh đạo Chính phủ cùng những bộ lĩnh vực Trung ương. chủ tịch UBND thị thành Lê Trung Chinh thông tin, trong phạm vi của Diễn đàn đầu tư Đà Nẵng năm 2022 sẽ công khai thông tin về kế hoạch, tiến độ hoàn tất việc lập quy hoạch những phân khu chức năng theo Đồ án điều chỉnh quy hoạch chung Đà Nẵng tới năm 2030, tầm nhìn đến năm 2045 đã được Thủ tướng Chính phủ phê duyệt; thông tin quỹ đất và những Công trình trọng điểm để kêu gọi đầu cơ trên khu vực tỉnh thành để các nhà đầu cơ quan tâm Nhận định và khai triển thực hiện; song song sẽ bàn luận 1 số giải pháp trọng tâm đẩy mạnh công việc thu hút đầu tư chỉ cần khoảng tới. ngoài ra người mua sở hữu thể tham khảo thêm về Công trình bất động sản ở đà nẵng.

trong.kim created
Failed to load module xm_python
I have problem with use xm_python module. All works fine, but when add into config directive with xm_python module, I get ERROR Failed to load module from C:\Program Files\nxlog\modules\extension\xm_python.dll, The specified module could not be found. ; The specified module could not be found. This issue I have on three computers with different Windows system.

Tuple created
Replies: 2
View post »
last updated
Error when using to_syslog_ietf() function in config for Ubuntu 18.04
The following config file works in Ubuntu 14.04, but throws an error when used on an 18.04 server. Am I using the to_syslog_ietf() function incorrectly? ######################################## # Global directives # ######################################## User nxlog Group nxlog LogFile /var/log/nxlog/nxlog.log LogLevel INFO ##### Logging ##### <Input messages> Module im_file File "/var/log/syslog" </Input> <Input audit> Module im_file File "/var/log/audit/audit.log" # Exec $Message = $Hostname + ' ' + $raw_event; </Input> <Input auth> Module im_file File "/var/log/auth.log" </Input> <Input eve> Module im_file File "/var/log/suricata/eve.json" </Input> <Output tcp> Module om_tcp Host 10.10.10.33 Port 514 </Output> <Output tcp_audit> Module om_tcp Host 10.10.10.33 Port 514 Exec to_syslog_ietf(); </Output> <Output tcp_eve> Module om_tcp Host 10.10.10.33 Port 10002 </Output> <Route messages_to_tcp> Path messages, auth => tcp </Route> <Route messages_to_tcp_audit> Path audit => tcp_audit </Route> <Route eve_to_tcp> Path eve => tcp_eve </Route>

abajosh created
Replies: 1
View post »
last updated
Nxlog - Miliseconds difference in Event Timestamp
Hello Team, We are using below nxlog config to parse one application log file to Graylog. Nxlog is properly parsing file line by line to Graylog. But we are observing mismatch in timestamp (in 500 to 900 milliseconds) for actual event and showing in Graylog. Please let us know how to fix this issue. ===================================================================== <Input itmlog> Module im_file File "/opt/bin/applogs2*.txt" SavePos TRUE ReadFromLast FALSE InputType multiline PollInterval 1 Exec if $raw_event =~ /^(\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\d{2}.\d{3})/ $EventTime = parsedate($1 + "Z"); Exec if $raw_event =~ /^.([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})|([^|])|([^|]+)|([\S\s])/ { $UUID = $1; $Plugin = $2; $Severity = $3; $Message = $4; } else if $raw_event =~ /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[.\d] ([^|]+)|([^|]+)|([\S\s]*)/ { $Plugin = $1; $Severity = $2; $Message = $3; } else { $Message = $raw_message; } Exec $facility = 'APP_UAT'; #Exec $EventTime = strftime($EventTime, "%Y-%m-%dT%H:%M:%SZ"); Exec $Hostname = %IP%; #Exec $FullMessage = ''; </Input> ========================================================================================

Avin created
Replies: 1
View post »
last updated
Looking for old install
Looking for a Windows version 2.8.1248 of NXLog. I am stuck trying to remove this application from a Windows machine but a system cleanup was performed so the cache of the installer is missing. Add remove programs is requesting my .msi file to continue removing. I tried going to the downloads page and altering the URL for the latest version to include an old version but it has been removed from the website.

DanielJay created
Replies: 1
View post »
last updated
Is NXlog able to do perform complex branching for Routes?
I am setting up NXLog Community Edition in an environment with multiple devices I want to monitor. I have already set up multiple routes of single inputs and outputs that does the job adequately, but I have a feeling I can get more complex and have less Routes to perform the same action. I have looked around the documentation and played with some prototypes but cannot find anything that works. So are any of the following ideas viable or does the Language prohibit them? Input Branching. Is it possible to route specific incoming logs to specific outputs or routes based in properties (For me it is $MessageSourceAddress)? Either by tagging the data, manipulating route data, etc. Processor Branching. Similar to #1, Is it possible to route or send logs to specific outputs based on properties (I am not sure if $MessageSourceAddress is usable in the processor or output modules). For example: Output Filtering. Is it possible to choose output destination (for me it will be a file) based on log parameters (again $MessageSourceAddress)? I think is my best option. For example: <Output Output_file> Module om_file <Exec> If $MessageSourceAddress = X.X.X.X { File '\TestLogs\Test\ test.log' … } else If $MessageSourceAddress = Y.Y.Y.Y { File '\TestLogs\Test2\ test2.log' … } else If $MessageSourceAddress = Z.Z.Z.Z { File '\TestLogs\Test3\ test3.log' … } </Exec> </Output> Thanks in advance!

OLDive created
Replies: 1
View post »
last updated
Message is shown as truncated in Wireshark when to_syslog_ietf() is used.
I am using nx log IETF ( i.e. to_syslog_ietf() ) format to write logs. But in Wireshark (Packet Detail Window)the message is shown as following . Message [truncated]: 1 2022-08-11T10:45:38.152473+05:30 LINL190403680 NCM 0 - [NXLOG@14506 Keywords="36028797018963968" EventType="INFO" EventID="0" Version="0" Task="0" OpcodeValue="0" RecordNumber="24530" ThreadID="0" Channel="Applicati Syslog version: 1 Syslog timestamp: Aug 11, 2022 10:45:38.000000000 UTC Syslog hostname: LINL190403680 Syslog app name: NCM Syslog process id: 0 Syslog message id [truncated]: - [NXLOG@14506 Keywords="36028797018963968" EventType="INFO" EventID="0" Version="0" Task="0" OpcodeValue="0" RecordNumber="24530" ThreadID="0" Channel="Application" Opcode="Info" EventReceivedTime="2022-08- whereas using BSD format not causing this issue. Required format is shown below Priority (enclosed in < >) representing both facility and severity <30> Syslog Version: 1 Syslog timestamp: 2022-08-11T10:45:38.152473+05:30 Syslog hostname: LINL190403680 Syslog app name: NCM Syslog Process id: 0 Message identifier: Optional message specific properties (structured data) (enclosed in [ ]) : [NXLOG@14506 Keywords="36028797018963968" EventType="INFO" EventID="0" Version="0" Task="0" OpcodeValue="0" RecordNumber="24530" ThreadID="0" Channel="Application" Opcode="Info" EventReceivedTime="2022-08-11 10:45:38" SourceModuleName="ExtendedWindowsToCollect" SourceModuleType="im_msvistalog"] a human readable message (encoded in UTF-8 and starting with BOM, or ASCII 7 only bytes) : [CB-002] Application is stopped sucessfully.

Prakash13011993 created
Replies: 1
View post »
last updated
Can't receive syslog from remote web-based app
There's a remote web-based app that can send syslog to an Ip/port. I've installed nxlog on my system and my current nxlog/conf/nxlog.conf file contains these lines <Input in> Module im_tcp Host 0.0.0.0 Port 1514 Exec parse_syslog(); </Input> I assume 0.0.0.0 here would mean localhost? However, the web-based app is failing to send the logs. I've pointed a sub-domain to my local machine where nxlog is installed and the web-based app is using the sub-domain to send logs to nxlogs. I'm not sure what goes in the 'host' filed in above lines? Any idea how I should go about debugging this?

fm2022 created
Replies: 1
View post »
last updated
NXLog CE 3.0.2284 Crashed After Graylog Reboot
Hi everybody, I upgraded my whole domain to Graylog 3.0.2284 yesterday, and decided to reboot my Graylog Server to clear all the RAM etc on it. When I restarted the Graylog Server, all the updated host got their NXLog service to "terminate unexpectedly" (info from EventID 7034, Windows Event Log). No information in the nxlog log file, and I needed to start all my services manually. What's wrong...? Thanks!

hebval created
Replies: 1
View post »
last updated
Authenticate macOS senders over TLS with certificates in System Keychain?
Hello, We are deploying NXLog Enterprise on a fleet of macOS devices with the goals to collect endpoint events even remotely. Which mean Graylog GELF exposed over Internet, with TLS encryption and certificate authentication requirements. I see that om_ssl can do the job of TLS communication and even client authentication, but the settings I see are using file path for the Private Key. Is there a way to have NXLog with om_ssl on macOS using a certificate from the System Keychain ? Thanks

ygini created
Replies: 1
View post »
last updated
System or Team Identifiers for MacOS and JAMF?
Has anyone used JAMF to distribute this to Macs? We are rolling out NXLog to our Macs. I have the installer working, but don't have any security info to configure things like PPPC or System Extensions. I was able to manually tick the box for Full Disk Access, but I am still getting an error message saying that im_maces|in NXLog requires Transparency, Consent, and Control (TCC) approval to connect to Endpoint Security. If I can find the Bundle ID and Identifier, I should be able to roll that info a PPPC configuration profile which will flip the switch to turn on the Full Disk Access during install, so I don't have to manually do that. Then to clear the error message I am getting above, I likely need a Team Identifier and/or System Extension type for the System Extensions portion of the Configuration Profile in JAMF? But I have checked this website and don't seem to find anything here in the documentation or message boards about any identifier. Is there a way to find this info out by looking on a system that has the software installed?

VintageMacGuy created
Replies: 1
View post »
last updated
How to send multiple log files in a directory to rsyslog server
Hi, We have one Oracle DB server and DBA needs to send all *.aud files from /u01/app/admin/admin/STG19/adump to remote syslog server. How do we configure nxlog file for the same Tejas Pandhare

tejas.pandhare created
Replies: 1
View post »
last updated
Does NXlog CE 3.x have something equivalent to the DateFormat option in EE?
Hello - Just checking - in a scenario where there are several hosts across multiple timezones is there a configuration method available for the 3.x version of Nxlog CE to always send logs in UTC similar to the DateFormat option in EE? I've seen options such as doing math on the timezones via the nxlog.conf but I'm hoping to create a template that can be used on multiple hosts without having to modify each host's nxlog.conf to take account of local timezone on each host. Thank you!

crobert created
Configuring om_batchcompress and im_batchcompress
Hello everyone, I find myself configuring NXLog EE 5 with the batchcompress modules, but it does not connect the client with the server. My client configuration is: define ROOT C:\Program Files\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log #Lectura de los registros de auditoria <Input eventlog> Module im_msvistalog <QueryXML> <QueryList> <Query Id='0'> <Select Path='Application'></Select> <Select Path='Security'>[System/Level&lt;4]</Select> <Select Path='System'>*</Select> </Query> </QueryList> </QueryXML> </Input> <Output out_batch> Module om_batchcompress Host 192.168.1.11 Port 2514 </Output> #Envio de los datos de la entrada a la salida <Route route_Pattern> Path eventlog => out_batch </Route> And the following error is: "couldn't connect to 10.0.200.11:2514; A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond." My server configuration is: define ROOT C:\Program Files\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log #Extensiones de los logs <Extension json> Module xm_json </Extension> #Lectura de los registros de cliente <Input in_batch> Module im_batchcompress ListenAddr 0.0.0.0:2514 </Input> #Salida de las lecturas realizadas mediante UDP y en formato JSON <Output udp> Module om_udp Host 192.168.2.6:514 Exec to_json(); </Output> #Envio de los datos de la entrada a la salida <Route route_Pattern> Path in_batch => udp </Route> And if I get the message of listening on port 2514 Can you help me to determine what I am missing in my configuration, I appreciate your help.

gms_jpacheco created
NXLog and DHCP Log Files issue
Hi All, I am using NXlog to forward DHCP events from Windows DHCP Servers. This is working as intended, however I have the following issue: At midnight DHCP rotates the log file used for the next day and archives off the old one. When this occurs I get the following Events logged by DHCP to the Windows Event Log: "The DHCP service failed to initialize the audit log. The following error occurred: Access is denied." This is event id 1028 logged by the DHCP service. At the same time NXLog also logs an error about the file: 2022-07-26 00:00:26 ERROR apr_stat() failed on file C:\Windows\system32\dhcp\DhcpSrvLog-Tue.log; Access is denied. 2022-07-26 00:00:28 WARNING input file was deleted: C:\Windows\system32\dhcp\DhcpSrvLog-Tue.log Both DHCP and NXLog are able to read the new files after this, as it is the log archiving operation from DHCP and NXLog's lock on the file that I suspect causes these to be logged. Our issue is that our Monitoring systems are picking on on the DHCP errors and causing alerts. I do not want to turn of monitoring for these events for obvious reasons. Is there something I can configure / do to prevent this issue from occurring? I have also included my .conf file snippets for the DHCP options below: <Input MSDHCPLOGIN> Module im_file File 'C:\Windows\system32\dhcp\DhcpSrvLog-*.log' SavePos TRUE InputType LineBased Exec if $raw_event == '' drop(); Exec $Hostname = hostname_fqdn();$SourceName = "DHCPLog";$Message = $raw_event; </Input> <Output MSDHCPLOGOUT1> Module om_udp Host %XDR1% Port %PORT% Exec $SyslogFacilityValue = 21;$Severity = 'INFO';to_syslog_bsd(); </Output> Thanks in Advance.

beefy66 created
Need to create statistics with a 5 minute window
I'm trying to create a stat which gives a RATE for the last 5 minutes whenever you run get_stat. The code example below runs within a im_msvistalog module Each of the stats are updates using add_stat('NAME', 1, $EventReceivedTime) in the main Exec block. The first schedule (re)creates the stats each hour - see below The second schedule outputs the stats each minute - see below <Schedule> Every 1 hour <Exec> create_stat('ep1m', 'RATE', 60, now(), 3600); # Change of count of events in the last 1 MINUTE create_stat('ep5m', 'RATE', 300, now(), 3600); # Change of count (i.e. rate) of events in the last 5 MINUTES </Exec> </Schedule> <Schedule> Every 1 min <Exec> log_info(get_stat('ep1m') + ' events collected from Windows Security Event Log in the last 1 minutes'); log_info(get_stat('ep5m') + ' events collected from Windows Security Event Log in the last 5 minutes'); </Exec> </Schedule> The stat that gives me a rate per minute is working fine. The stat that gives me a rate per 5 minutes is not working as expected. create_stat('ep5m', 'RATE', 300, now(), 3600); My expectation was that each minute, when I write the log, it would give me the RATE (i.e. change in count) for the last 300 seconds. I expected this value to go up and down each minute when I write the log info output. Instead it seems to be grouping the statistics into fixed 5 minute windows from the creation of the counter. That is, a RATE for the first 0-5 mins, then a new RATE for the next 5-10 mins, etc. Is there a way to ensure that when I query the statistics for the last 5 minutes it always gives me the interval between now() and 300 seconds ago?

cjj1977 created
Log's encryption in community edition
Hello, The question is whether there is encryption of the logs in community edition? And can I deploy nxlog community edition with custom config via group policy? Thanks in advance!

empty123 created
Replies: 1
View post »
last updated
Is there a way to Reload NXlog Config using <Schedule>?
Im looking for ways to reload nxlog config globally using the <schedule> option without having to restart the service or use the 'Update and Reload' button in nxlog manager. Is there a certain paramerter that can be used in the conf file that will do this on a specific cadence?

Jwaldon-oti created
Replies: 1
View post »
last updated
ODBC (im_odbc) lost connectio after database restart
Hi, we use ODBC (im_odbc) to read some data from Oracle database and write them on a file. The polling interval is 15 mins. We noticed that when database service restarts, ODBC (im_odbc) do not restart automatically the connections. The only way I found to solve this problem is to stop and start nxlog service. Is there any parameter that force the nxlog to reconnect when existing connection is lost? Thanks

Operation created
Replies: 2
View post »
last updated
Microsoft Defender Antivirus Events
Hi, I'd like to log my Microsoft Defender Events (EventID:1116) so when a malware is detected, I get it on my Graylog server. Problem is that with Server 2016/Windows 10, the logs are too many for a simple input (with the 256 limit). So I decided to filter some, and to only get some of them : <Input in> Module im_msvistalog Query <QueryList> <Query Id="0"> <Select Path="Application"></Select> <Select Path="System"></Select> <Select Path="Security"></Select> <Select Path="Windows PowerShell"></Select> <Select Path="Microsoft-Windows-Windows Defender/Operational">*</Select> </Query> </QueryList> I receive my App, Sys, Security, and Powershell in Graylog but not my Windows Defender events. I tried to generate logs multiple times, with some EICAR files, the logs appear in the Event Viewer, but nothing appears in my Graylog Server. Any help please ? :) thanks

hebval created
Replies: 1
View post »
last updated