Windows Eventlog - registry ref objects do not resolve

I am new and I apologize in advance if this question has been asked already.


I am using nxlog to forward Windows event logs (JSON format) to a central logging system.

Not all objects are resolved in the message … for example:

Object: Object Server:

DS Object Type: %{e0fa1e8c-9b45-11d0-afdd-00c04fd930c9}

Object Name: %{cc0985a1-b646-4957-bb95-ac8fe9ad147a}


Asked November 24, 2015 - 4:27pm

Getting error "ERROR subprocess '8319' returned a non-zero exit value of 1" when calling external script

When I manually execute the Python script it works fine (cat /var/log/nxlog/pktdesign-alerts.log1|./sec-parse.py), but when nxlog calls it I keep on seeing the error messages below and the script does not execute.


===> When the nxlog config was what's listed below, it produced the error "2015-11-23 20:52:41 ERROR subprocess '4843' returned a non-zero exit value of 127"

Asked November 23, 2015 - 10:34pm

How many folders/files nxlog can monitor?


I'm setting up nxlog on a Windows box to read files to send to Elasticsearch, and I have some questions:

1) Is there a limit on the number of im_file inputs that an output (om_tcp) can handle? And is nxlog reading those monitored files concurrently, or serially, one after another?

2) We can set up multiple paths in nxlog; does a different path mean parallel processing, e.g. each path is handled by a different thread?

Asked November 23, 2015 - 1:16pm

Forwarding logs with im_file om_file

Hi there,

I have several hosts where lots of logs are generated. On every one of these hosts, logs are placed into one directory and have different names with the *.log extension. My aim is to use nxlog on those hosts to forward logs into one central storage, but I have a problem with populating file names. I would like the file source/first.log to be populated to destination/first.log. Similarly source/second.log -> destination/second.log, etc. Below is my config file.

Asked November 20, 2015 - 3:13pm

Declaring field types.

Hi everyone,

I've got a box running Kibana and Elasticsearch, with the information being handed across by fluentd. It's all working pretty well, and I've moved on to pushing Windows events through - which is where I'm struggling.

I'm using nxlog on a Windows machine, and it's pushing the data directly to Elasticsearch - unfortunately I cannot for love nor money get the date to be handled as a date rather than a string; the nxlog output is:

Asked November 19, 2015 - 10:22am