Log filtering by event ID?


We are testing NXlog to ship the security logs to our security team.  We are using XP embedded and it working fine.  Security is asking us to only send specific event ID's.  I have looked at the documentation and it appears that we may not be able to do this with XP.  I was going to do the custom view but XP does not support that. We are supported on the embedded version of XP.

My question.  Has anyone tried to do this with XP or is it even possible?

AskedMay 16, 2016 - 3:12pm

Nxlog module


I am doing a rule which detects me are making multiple responses of ICMP from the same IP in which there are diferent IPs.


The problem that i have is that don't write in the output with raw_event and file_write. In file_write I put the "otro" file. 

Do you know it can be?




File nxlog.conf:


<Extension fileop>
    Module      xm_fileop

AskedMay 13, 2016 - 9:39pm

NXlog Implementation

Hi all! Im new and would really appreciate any assistance/feedback on implementation... I'm trying to implement Audit Reduction in my environment which includes (4) Windows 7 boxes , (2) RHEL 7 boxes (SYSLOG) and (1) RHEL 6 box (SYSLOG)... We have all the logs writing to one of the Windows 7 workstations. The logs need to be manually pulled off and put in another location.

AskedMay 11, 2016 - 8:20pm

How to delete input files after reading ?

Hi Everyone,
New forum user, so sorry if I do not respect some uses rules…and I’m French by the way, so sorry about my bad English level too…;-)
I use Nxlog in the following context :
A machine A send periodically a file on a machine B (same file name)
Machine B is used like a first level of log centralization. Nxlog is installed on it
Then, Nxlog send log to Machine C who host Logstash

AskedMay 11, 2016 - 3:19pm

NxLog marked as virus

Hi there,


Has any of you encountered this virus warning? The scan was done using TrendMicro HouseCall.

Is my nxlog infected? Thanks for your help

AskedMay 10, 2016 - 7:54am