h1, sorry my eng bad.
Why do I need to http://192.168.91.133:9090/nxlog-manager when specifying the login "admin" and the password "nxlog123", I get the error " could not contact the database server."
I am using Nxlog 5.4.7313 and I have such a config block.
<Input perf_process>
Module im_exec
BufferSize 200
Command "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Arg "-ExecutionPolicy"
Arg "remotesigned"
Arg "-File"
Arg "C:\scripts\Get-ProcessUtilization.ps1"
Restart TRUE
</Input>
Hello there,
We are currently getting PowerShell transcript logs in one of our Windows WEF Collectors. Each log is been generated as a .txt file following the following naming convention: PowerShell_transcript.$deviceName.$RandownNumber.txt.
For example this is how the folder looks like:
G:/PowerShell_logs/
PowerShell_transcript.device1.qww.txt
PowerShell_transcript.device2.fgd.txt
PowerShell_transcript.device3.hjj.txt
Using NxLog with "EXEC to_syslog_snare();" to output Windows Events. What parser should be used by the Decoder? I thought maybe winevent_snare but maybe it is rhlinux.
Which parser should be used... or should I only care the windows event logs are parsed correctly?
I need to append a hostname to the beginning of the raw log because the log that is being transferred does not show the host who is forwarding the log. I need to add a hostname to identify the log is being forwarded.
Here is the output. How do I add the hostname?
<Input internal>
Module im_internal
Exec $Message = to_json();
</Input>
