Hi, I recently started using Nxlog with Windows event log.
I'm able to get events off of the Security log and onto my server; however, I've noticed something peculiar.
The value of the 'ProcessID' field is always 4, no matter what process is generating the event.
My nxlog.conf has the following sections:
I'm new to nxlog and am trying to find a way to clear the Windows event logs during or after read/export with nxlog.
I've browsed through the manual but can't find out how. Is there a way to do this with an nxlog module/command?
Hello - I am testing nxlog to send Windows-based syslogs to Papertrail. The following code seems to produce the logs; however, the log header entries are logging with (date, external IP address, "logger:") on each line. To be consistent with the other logs being collected, I would like these headers to be (date, HOSTNAME of originator, Process originator). How can I change the header that nxlog is pushing out to Papertrail?
Sorry for the activity, I hope this to be the last question - I've been playing with nxlog-ce for a week already.
How can I get a count of (unintentionally) dropped records? Something syslog-ng reports in "mark" messages... Do I have to create a buffer processor, drop the records "intentionally" in it and implement my own counter in script? Or does nxlog exhibit somehow its internal flow control stats?