Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.
Tổ hợp Sun Riverpolis Đà Nẵng
trong.kim created
Tổ hợp Sun Riverpolis Đà Nẵng
Đà Nẵng sẵn sàng tâm thế đón làn sóng đầu tư mới. Phát biểu tại Diễn đàn, chủ toạ UBND thị thành Lê Trung Chinh cho biết, dù gặp nhiều khó khăn và chịu ảnh hưởng của đại dịch COVID-19, song thành thị luôn có sự chủ động và sẵn sàng để chuẩn bị đón các làn sóng dịch chuyển đầu tư mới. "Việc phủ rộng tiêm phòng vaccine cho toàn thể người dân, trong đấy mang những nhà đầu tư, các chuyên gia nước ngoài; việc thành lập những tổ công tác xúc tiến, dỡ gỡ khó khăn gặp khó khăn cho doanh nghiệp, nhà đầu tư do những đồng chí lãnh đạo của thị thành chủ trì để khai triển những dự án… đã khẳng định sự cam kết đồng hành của đô thị trong quyết tâm kiến lập niềm tin trong cộng đồng công ty và nhà đầu tư đối sở hữu môi trường đầu cơ của tỉnh thành Đà Nẵng", chủ tịch UBND thành thị Lê Trung Chinh nhấn mạnh. với chủ đề năm 2022 là “Năm thích nghi an toàn, cởi mở, kiểm soát hiệu quả dịch bệnh và hồi phục, phát triển kinh tế - phường hội” cùng những cơ chế, định hướng to đối mang sự trở thành xã trong khoảng Trung ương cộng mang sự kiểm soát tốt dịch bệnh COVID-19 thì đây chính là thời khắc phù hợp để Đà Nẵng đẩy nhanh tốc độ khai triển những Dự án và thu hút đầu cơ mạnh mẽ.
Xem thêm: bán đất đầm sen nam hòa xuân.
“Thành phường kỳ vọng Diễn đàn lần này sẽ thúc đẩy công tác thu hút đầu tư; tạo ra bước chuyển trong việc hiện thực hóa những Công trình động lực, trọng tâm ủ ấp trong suốt thời gian qua của đô thị. cùng lúc, được thấu hiểu và lắng nghe các quan niệm, yêu cầu từ toàn thể quý vị về các biện pháp khắc phục các rào cản, hạn chế; phát huy những lợi thế, tiềm năng và đón đầu hiệu quả các làn sóng chuyển dịch đầu tư đối sở hữu thị thành Đà Nẵng. trong khoảng đấy, chúng ta cùng chung tay để từng bước hiện thực hóa mục tiêu xây dựng một đô thị Đà Nẵng - đáng sống, đáng khiến cho việc và đáng đầu tư”, chủ tịch UBND tỉnh thành Lê Trung Chinh san sớt. Để đạt được những mục tiêu đề ra, theo chủ toạ UBND thị thành Lê Trung Chinh, trong khoảng lãnh đạo tới công chức của thị thành phải đổi mới tư duy, xác định những bí quyết làm cho mới 1 cách cụ thể, thích hợp mang quy định pháp lý và thực tế đặt ra; cũng như đặt người dân và doanh nghiệp ở vị trí đẹp của mỗi chính sách. đồng thời, rất cần sự dai sức, thông minh và sáng láng trong hồ hết hệ thống chính trị của thành phố; sự san sớt, đồng thuận từ phía người dân, cùng đồng công ty, nhà đầu tư; và đặc thù là sự định hướng, chỉ đạo kịp thời của lãnh đạo Chính phủ cùng những bộ lĩnh vực Trung ương. chủ tịch UBND thị thành Lê Trung Chinh thông tin, trong phạm vi của Diễn đàn đầu tư Đà Nẵng năm 2022 sẽ công khai thông tin về kế hoạch, tiến độ hoàn tất việc lập quy hoạch những phân khu chức năng theo Đồ án điều chỉnh quy hoạch chung Đà Nẵng tới năm 2030, tầm nhìn đến năm 2045 đã được Thủ tướng Chính phủ phê duyệt; thông tin quỹ đất và những Công trình trọng điểm để kêu gọi đầu cơ trên khu vực tỉnh thành để các nhà đầu cơ quan tâm Nhận định và khai triển thực hiện; song song sẽ bàn luận 1 số giải pháp trọng tâm đẩy mạnh công việc thu hút đầu tư chỉ cần khoảng tới. ngoài ra người mua sở hữu thể tham khảo thêm về Công trình bất động sản ở đà nẵng.
trong.kim created
Failed to load module xm_python
Tuple created
I have problem with use xm_python module. All works fine, but when add into config directive with xm_python module, I get ERROR Failed to load module from C:\Program Files\nxlog\modules\extension\xm_python.dll, The specified module could not be found. ; The specified module could not be found.
This issue I have on three computers with different Windows system.
Tuple created
Error when using to_syslog_ietf() function in config for Ubuntu 18.04
abajosh created
The following config file works in Ubuntu 14.04, but throws an error when used on an 18.04 server. Am I using the to_syslog_ietf() function incorrectly?
########################################
# Global directives #
########################################
User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
##### Logging #####
<Input messages>
Module im_file
File "/var/log/syslog"
</Input>
<Input audit>
Module im_file
File "/var/log/audit/audit.log"
# Exec $Message = $Hostname + ' ' + $raw_event;
</Input>
<Input auth>
Module im_file
File "/var/log/auth.log"
</Input>
<Input eve>
Module im_file
File "/var/log/suricata/eve.json"
</Input>
<Output tcp>
Module om_tcp
Host 10.10.10.33
Port 514
</Output>
<Output tcp_audit>
Module om_tcp
Host 10.10.10.33
Port 514
Exec to_syslog_ietf();
</Output>
<Output tcp_eve>
Module om_tcp
Host 10.10.10.33
Port 10002
</Output>
<Route messages_to_tcp>
Path messages, auth => tcp
</Route>
<Route messages_to_tcp_audit>
Path audit => tcp_audit
</Route>
<Route eve_to_tcp>
Path eve => tcp_eve
</Route>
abajosh created
Nxlog - Miliseconds difference in Event Timestamp
Avin created
Hello Team,
We are using below nxlog config to parse one application log file to Graylog. Nxlog is properly parsing file line by line to Graylog. But we are observing mismatch in timestamp (in 500 to 900 milliseconds) for actual event and showing in Graylog. Please let us know how to fix this issue.
=====================================================================
<Input itmlog>
Module im_file
File "/opt/bin/applogs2*.txt"
SavePos TRUE
ReadFromLast FALSE
InputType multiline
PollInterval 1
Exec if $raw_event =~ /^(\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\d{2}.\d{3})/ $EventTime = parsedate($1 + "Z");
Exec if $raw_event =~ /^.([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})|([^|])|([^|]+)|([\S\s])/
{
$UUID = $1;
$Plugin = $2;
$Severity = $3;
$Message = $4;
}
else if $raw_event =~ /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[.\d] ([^|]+)|([^|]+)|([\S\s]*)/
{
$Plugin = $1;
$Severity = $2;
$Message = $3;
}
else
{
$Message = $raw_message;
}
Exec $facility = 'APP_UAT';
#Exec $EventTime = strftime($EventTime, "%Y-%m-%dT%H:%M:%SZ");
Exec $Hostname = %IP%;
#Exec $FullMessage = '';
</Input>
========================================================================================
Avin created
Looking for old install
DanielJay created
Looking for a Windows version 2.8.1248 of NXLog. I am stuck trying to remove this application from a Windows machine but a system cleanup was performed so the cache of the installer is missing. Add remove programs is requesting my .msi file to continue removing. I tried going to the downloads page and altering the URL for the latest version to include an old version but it has been removed from the website.
DanielJay created
Is NXlog able to do perform complex branching for Routes?
OLDive created
I am setting up NXLog Community Edition in an environment with multiple devices I want to monitor. I have already set up multiple routes of single inputs and outputs that does the job adequately, but I have a feeling I can get more complex and have less Routes to perform the same action. I have looked around the documentation and played with some prototypes but cannot find anything that works. So are any of the following ideas viable or does the Language prohibit them?
Input Branching. Is it possible to route specific incoming logs to specific outputs or routes based in properties (For me it is $MessageSourceAddress)? Either by tagging the data, manipulating route data, etc.
Processor Branching. Similar to #1, Is it possible to route or send logs to specific outputs based on properties (I am not sure if $MessageSourceAddress is usable in the processor or output modules). For example:
Output Filtering. Is it possible to choose output destination (for me it will be a file) based on log parameters (again $MessageSourceAddress)? I think is my best option. For example:
<Output Output_file>
Module om_file
<Exec>
If $MessageSourceAddress = X.X.X.X
{
File '\TestLogs\Test\ test.log'
…
}
else If $MessageSourceAddress = Y.Y.Y.Y
{
File '\TestLogs\Test2\ test2.log'
…
}
else If $MessageSourceAddress = Z.Z.Z.Z
{
File '\TestLogs\Test3\ test3.log'
…
}
</Exec>
</Output>
Thanks in advance!
OLDive created
Message is shown as truncated in Wireshark when to_syslog_ietf() is used.
Prakash13011993 created
I am using nx log IETF ( i.e. to_syslog_ietf() ) format to write logs. But in Wireshark (Packet Detail Window)the message is shown as following .
Message [truncated]: 1 2022-08-11T10:45:38.152473+05:30 LINL190403680 NCM 0 - [NXLOG@14506 Keywords="36028797018963968" EventType="INFO" EventID="0" Version="0" Task="0" OpcodeValue="0" RecordNumber="24530" ThreadID="0" Channel="Applicati
Syslog version: 1
Syslog timestamp: Aug 11, 2022 10:45:38.000000000 UTC
Syslog hostname: LINL190403680
Syslog app name: NCM
Syslog process id: 0
Syslog message id [truncated]: - [NXLOG@14506 Keywords="36028797018963968" EventType="INFO" EventID="0" Version="0" Task="0" OpcodeValue="0" RecordNumber="24530" ThreadID="0" Channel="Application" Opcode="Info" EventReceivedTime="2022-08-
whereas using BSD format not causing this issue. Required format is shown below
Priority (enclosed in < >) representing both facility and severity <30>
Syslog Version: 1
Syslog timestamp: 2022-08-11T10:45:38.152473+05:30
Syslog hostname: LINL190403680
Syslog app name: NCM
Syslog Process id: 0
Message identifier:
Optional message specific properties (structured data) (enclosed in [ ]) : [NXLOG@14506 Keywords="36028797018963968" EventType="INFO" EventID="0" Version="0" Task="0" OpcodeValue="0" RecordNumber="24530" ThreadID="0" Channel="Application" Opcode="Info" EventReceivedTime="2022-08-11 10:45:38" SourceModuleName="ExtendedWindowsToCollect" SourceModuleType="im_msvistalog"]
a human readable message (encoded in UTF-8 and starting with BOM, or ASCII 7 only bytes) : [CB-002] Application is stopped sucessfully.
Prakash13011993 created
Can't receive syslog from remote web-based app
fm2022 created
There's a remote web-based app that can send syslog to an Ip/port. I've installed nxlog on my system and my current nxlog/conf/nxlog.conf file contains these lines
<Input in>
Module im_tcp
Host 0.0.0.0
Port 1514
Exec parse_syslog();
</Input>
I assume 0.0.0.0 here would mean localhost? However, the web-based app is failing to send the logs. I've pointed a sub-domain to my local machine where nxlog is installed and the web-based app is using the sub-domain to send logs to nxlogs. I'm not sure what goes in the 'host' filed in above lines? Any idea how I should go about debugging this?
fm2022 created
NXLog CE 3.0.2284 Crashed After Graylog Reboot
hebval created
Hi everybody,
I upgraded my whole domain to Graylog 3.0.2284 yesterday, and decided to reboot my Graylog Server to clear all the RAM etc on it.
When I restarted the Graylog Server, all the updated host got their NXLog service to "terminate unexpectedly" (info from EventID 7034, Windows Event Log).
No information in the nxlog log file, and I needed to start all my services manually.
What's wrong...?
Thanks!
hebval created
Authenticate macOS senders over TLS with certificates in System Keychain?
ygini created
Hello,
We are deploying NXLog Enterprise on a fleet of macOS devices with the goals to collect endpoint events even remotely. Which mean Graylog GELF exposed over Internet, with TLS encryption and certificate authentication requirements.
I see that om_ssl can do the job of TLS communication and even client authentication, but the settings I see are using file path for the Private Key.
Is there a way to have NXLog with om_ssl on macOS using a certificate from the System Keychain ?
Thanks
ygini created
System or Team Identifiers for MacOS and JAMF?
VintageMacGuy created
Has anyone used JAMF to distribute this to Macs?
We are rolling out NXLog to our Macs. I have the installer working, but don't have any security info to configure things like PPPC or System Extensions. I was able to manually tick the box for Full Disk Access, but I am still getting an error message saying that im_maces|in NXLog requires Transparency, Consent, and Control (TCC) approval to connect to Endpoint Security.
If I can find the Bundle ID and Identifier, I should be able to roll that info a PPPC configuration profile which will flip the switch to turn on the Full Disk Access during install, so I don't have to manually do that.
Then to clear the error message I am getting above, I likely need a Team Identifier and/or System Extension type for the System Extensions portion of the Configuration Profile in JAMF?
But I have checked this website and don't seem to find anything here in the documentation or message boards about any identifier. Is there a way to find this info out by looking on a system that has the software installed?
VintageMacGuy created
How to send multiple log files in a directory to rsyslog server
tejas.pandhare created
Hi,
We have one Oracle DB server and DBA needs to send all *.aud files from /u01/app/admin/admin/STG19/adump to remote syslog server. How do we configure nxlog file for the same
Tejas Pandhare
tejas.pandhare created
Does NXlog CE 3.x have something equivalent to the DateFormat option in EE?
crobert created
Hello -
Just checking - in a scenario where there are several hosts across multiple timezones is there a configuration method available for the 3.x version of Nxlog CE to always send logs in UTC similar to the DateFormat option in EE?
I've seen options such as doing math on the timezones via the nxlog.conf but I'm hoping to create a template that can be used on multiple hosts without having to modify each host's nxlog.conf to take account of local timezone on each host.
Thank you!
crobert created
Configuring om_batchcompress and im_batchcompress
gms_jpacheco created
Hello everyone, I find myself configuring NXLog EE 5 with the batchcompress modules, but it does not connect the client with the server.
My client configuration is:
define ROOT C:\Program Files\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
#Lectura de los registros de auditoria
<Input eventlog>
Module im_msvistalog
<QueryXML>
<QueryList>
<Query Id='0'>
<Select Path='Application'></Select>
<Select Path='Security'>[System/Level<4]</Select>
<Select Path='System'>*</Select>
</Query>
</QueryList>
</QueryXML>
</Input>
<Output out_batch>
Module om_batchcompress
Host 192.168.1.11
Port 2514
</Output>
#Envio de los datos de la entrada a la salida
<Route route_Pattern>
Path eventlog => out_batch
</Route>
And the following error is: "couldn't connect to 10.0.200.11:2514; A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."
My server configuration is:
define ROOT C:\Program Files\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
#Extensiones de los logs
<Extension json>
Module xm_json
</Extension>
#Lectura de los registros de cliente
<Input in_batch>
Module im_batchcompress
ListenAddr 0.0.0.0:2514
</Input>
#Salida de las lecturas realizadas mediante UDP y en formato JSON
<Output udp>
Module om_udp
Host 192.168.2.6:514
Exec to_json();
</Output>
#Envio de los datos de la entrada a la salida
<Route route_Pattern>
Path in_batch => udp
</Route>
And if I get the message of listening on port 2514
Can you help me to determine what I am missing in my configuration, I appreciate your help.
gms_jpacheco created
NXLog and DHCP Log Files issue
beefy66 created
Hi All,
I am using NXlog to forward DHCP events from Windows DHCP Servers. This is working as intended, however I have the following issue:
At midnight DHCP rotates the log file used for the next day and archives off the old one. When this occurs I get the following Events logged by DHCP to the Windows Event Log:
"The DHCP service failed to initialize the audit log. The following error occurred:
Access is denied."
This is event id 1028 logged by the DHCP service. At the same time NXLog also logs an error about the file:
2022-07-26 00:00:26 ERROR apr_stat() failed on file C:\Windows\system32\dhcp\DhcpSrvLog-Tue.log; Access is denied.
2022-07-26 00:00:28 WARNING input file was deleted: C:\Windows\system32\dhcp\DhcpSrvLog-Tue.log
Both DHCP and NXLog are able to read the new files after this, as it is the log archiving operation from DHCP and NXLog's lock on the file that I suspect causes these to be logged. Our issue is that our Monitoring systems are picking on on the DHCP errors and causing alerts.
I do not want to turn of monitoring for these events for obvious reasons. Is there something I can configure / do to prevent this issue from occurring?
I have also included my .conf file snippets for the DHCP options below:
<Input MSDHCPLOGIN>
Module im_file
File 'C:\Windows\system32\dhcp\DhcpSrvLog-*.log'
SavePos TRUE
InputType LineBased
Exec if $raw_event == '' drop();
Exec $Hostname = hostname_fqdn();$SourceName = "DHCPLog";$Message = $raw_event;
</Input>
<Output MSDHCPLOGOUT1>
Module om_udp
Host %XDR1%
Port %PORT%
Exec $SyslogFacilityValue = 21;$Severity = 'INFO';to_syslog_bsd();
</Output>
Thanks in Advance.
beefy66 created
Need to create statistics with a 5 minute window
cjj1977 created
I'm trying to create a stat which gives a RATE for the last 5 minutes whenever you run get_stat.
The code example below runs within a im_msvistalog module
Each of the stats are updates using add_stat('NAME', 1, $EventReceivedTime) in the main Exec block.
The first schedule (re)creates the stats each hour - see below
The second schedule outputs the stats each minute - see below
<Schedule>
Every 1 hour
<Exec>
create_stat('ep1m', 'RATE', 60, now(), 3600); # Change of count of events in the last 1 MINUTE
create_stat('ep5m', 'RATE', 300, now(), 3600); # Change of count (i.e. rate) of events in the last 5 MINUTES
</Exec>
</Schedule>
<Schedule>
Every 1 min
<Exec>
log_info(get_stat('ep1m') + ' events collected from Windows Security Event Log in the last 1 minutes');
log_info(get_stat('ep5m') + ' events collected from Windows Security Event Log in the last 5 minutes');
</Exec>
</Schedule>
The stat that gives me a rate per minute is working fine.
The stat that gives me a rate per 5 minutes is not working as expected.
create_stat('ep5m', 'RATE', 300, now(), 3600);
My expectation was that each minute, when I write the log, it would give me the RATE (i.e. change in count) for the last 300 seconds. I expected this value to go up and down each minute when I write the log info output. Instead it seems to be grouping the statistics into fixed 5 minute windows from the creation of the counter. That is, a RATE for the first 0-5 mins, then a new RATE for the next 5-10 mins, etc.
Is there a way to ensure that when I query the statistics for the last 5 minutes it always gives me the interval between now() and 300 seconds ago?
cjj1977 created
Log's encryption in community edition
empty123 created
Hello,
The question is whether there is encryption of the logs in community edition? And can I deploy nxlog community edition with custom config via group policy?
Thanks in advance!
empty123 created
Is there a way to Reload NXlog Config using <Schedule>?
Jwaldon-oti created
Im looking for ways to reload nxlog config globally using the <schedule> option without having to restart the service or use the 'Update and Reload' button in nxlog manager.
Is there a certain paramerter that can be used in the conf file that will do this on a specific cadence?
Jwaldon-oti created
ODBC (im_odbc) lost connectio after database restart
Operation created
Hi,
we use ODBC (im_odbc) to read some data from Oracle database and write them on a file.
The polling interval is 15 mins.
We noticed that when database service restarts, ODBC (im_odbc) do not restart automatically the connections.
The only way I found to solve this problem is to stop and start nxlog service.
Is there any parameter that force the nxlog to reconnect when existing connection is lost?
Thanks
Operation created
Microsoft Defender Antivirus Events
hebval created
Hi, I'd like to log my Microsoft Defender Events (EventID:1116) so when a malware is detected, I get it on my Graylog server.
Problem is that with Server 2016/Windows 10, the logs are too many for a simple input (with the 256 limit).
So I decided to filter some, and to only get some of them :
<Input in>
Module im_msvistalog
Query <QueryList>
<Query Id="0">
<Select Path="Application"></Select>
<Select Path="System"></Select>
<Select Path="Security"></Select>
<Select Path="Windows PowerShell"></Select>
<Select Path="Microsoft-Windows-Windows Defender/Operational">*</Select>
</Query>
</QueryList>
I receive my App, Sys, Security, and Powershell in Graylog but not my Windows Defender events.
I tried to generate logs multiple times, with some EICAR files, the logs appear in the Event Viewer, but nothing appears in my Graylog Server.
Any help please ? :) thanks
hebval created