1 answer

NxLog to QRadar with TLS

Hello Everybody, 

We are currently using nxlog to send Windows logs to QRadar SIEM using TLS.

It works fine, but I receive extra lines in QRadar. I receive empty logs (containing Cg== on base 64, which seems to be a carriage return or a line break). 

The problem appears only when using module om_ssl, not with om_tcp or om_udp. We tried to remove line break or carriage return using nxlog configuration, but we still have the behaviour.

Asked January 25, 2016 - 11:49am

1 answer

Snare Lite Open source v.s. NXlog CE and PCI 3.0 compliance

We have been using Snare Lite Open source for years, and understand it no longer meets PCI 3.0 compliance as it does not log enough event information. Snare Enterprise logs significantly more information, and would be PCI 3.0 compliant, but is expensive.

Asked January 22, 2016 - 11:05pm

1 answer

How to capture print logs stored in Windows Eventlog

Hi,

I am Suresh. I have installed the nxlog agent on one of my Windows 2008 R2 print servers and it transfers Application, Security & System Eventlogs to the LogRhythm log collector.

My question is, will it also transfer the print logs (stored in Event Viewer -> Applications and Service Logs -> Microsoft -> Windows -> Print Service -> Operational) to my LogRhythm log collector?

or not?

Asked January 21, 2016 - 2:18pm

1 answer

KISS: beginner's problems with im_file and om_file

Hello nxlog world,

Ashamed to say, I spent all of yesterday trying to figure out how to read Windows DHCP log files and ship the events to ElasticSearch.

Problem was with using direct path for folder C:\Windows\System32\dhcp\. Managed to get nxlog to read by sharing the folders (read-only permissions) to the user account used for nxlog service account logon.

Asked January 21, 2016 - 11:45am
