CSV-input: converting specific field(s) to lowercase

Dear community,

I'm currently working on parsing MS Exchange logs and sending them via GELF to my graylog instance.

I'd like to convert the sender- and recipient-address field to lowercase. Sounds pretty easy, in fact, I need help :(

my current config looks like this (below). Any help is appreciated.

I've tried to work with "Exec       $sender-address = lc($sender-address);" within the input as well as Output backet - neither did work.

AskedOctober 15, 2015 - 6:40pm

NXlog IIS log Shipping issues

I am trying to use NXlog to ship Event Logs and IIS logs to Graylog. No matter what I do in NXlog the IIS log timestamp in Graylog is the same as the EventReceivedTime. However, the Event Log timestamps are correct. Here is a link to my config on pastebin. All the configs I found on Google set the EventTime the same way. See anything wrong?

AskedOctober 15, 2015 - 4:20pm

Calculating the events per second (EPS)

I am trying to figure out how many events are coming in per hour on a given a input module named win.

I have searched around and haven't found any definitive solution. Most of what I have seen implements the create_stat function. But from there, I am lost. Here is my current config for the input, output, and route. How would I implement this feature into what I currently have?

AskedOctober 12, 2015 - 6:52pm

how to proxy a "OutputType GELF" within a TLS/SSL connection?

On a Window 2012 server I'm collecting system events and then sending them to a remote server using OutputType GELF. This works fine on my serverrs behind a firewall however I have a AWS server that I would like to log and send logs over a TLS connection.

Here's what my working Output looks like:

<Output out>
    Module      om_udp
    Host        XXX.XXX.XXX.XXX
    Port        12201
    OutputType  GELF

AskedSeptember 28, 2015 - 9:15pm

Strange behaviour of NXLog for Windows - configuration is valid random times


I've started playing with NXlog and have found strange behaviour.

This is my configuration:


<Input b-logs>
    Module      im_file

    File "d:\\Temp\\Logs\\test.txt"
    SavePos TRUE
    InputType LineBased

    Exec if ( $raw_event =~ /^#/ )    \
    {    \
        $raw_event="ok";    \
    }    \
    else    \
    {    \
        $raw_event="bad";    \

AskedSeptember 27, 2015 - 8:36am