1 response

Cannot communicate with database server

Hi, sorry my eng bad.
Why do I need to http://192.168.91.133:9090/nxlog-manager when specifying the login "admin" and the password "nxlog123", I get the error "could not contact the database server."

Asked September 22, 2021 - 3:20pm
1 response

powershell no returns value

I am using Nxlog 5.4.7313 and I have such a config block.

<Input perf_process>
    Module im_exec
    BufferSize 200
    Command "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    Arg "-ExecutionPolicy"
    Arg "remotesigned"
    Arg "-File"
    Arg "C:\scripts\Get-ProcessUtilization.ps1"
    Restart TRUE
</Input>

Asked September 21, 2021 - 12:29pm
1 response

How to forward PowerShell_transcript files to SIEM as syslog?

Hello there,

We are currently getting PowerShell transcript logs in one of our Windows WEF Collectors. Each log is being generated as a .txt file following the following naming convention: PowerShell_transcript.$deviceName.$RandownNumber.txt.

For example, this is what the folder looks like:
G:/PowerShell_logs/
PowerShell_transcript.device1.qww.txt
PowerShell_transcript.device2.fgd.txt
PowerShell_transcript.device3.hjj.txt

Asked September 20, 2021 - 6:24pm
2 responses

Using NxLog with to_syslog_snare() for Windows Events

Using NxLog with "EXEC to_syslog_snare();" to output Windows Events. What parser should be used by the Decoder? I thought maybe winevent_snare but maybe it is rhlinux.
Which parser should be used... or should I only care that the Windows event logs are parsed correctly?

Asked September 18, 2021 - 1:29am
1 response

Add hostname to the beginning of the log

I need to append a hostname to the beginning of the raw log because the log that is being transferred does not show the host who is forwarding the log. I need to add a hostname to identify the log is being forwarded.

Here is the output. How do I add the hostname?

<Input internal>
    Module im_internal
    Exec $Message = to_json();
</Input>

Asked September 17, 2021 - 9:40pm
