Hi Guy's,
We are using nxlog community to ship server logs to a lake,
powershell logs are collected on the server but we want to exclude shipping them,
after much googling i thought it would be as easy as adding this line to the conf:
Exec if ($SourceName == 'PowerShell (PowerShell)' drop();
This does not work, can any experts in NX out there advise?
Thanks,
O.
$message =~ /(?<timestamp>\d+\/\d+\.\d+ )/s;
$ts=$timestamp;
$ts2=$1;
$ts2 has the right info, $ts=""
version nxlog-ce-2.10.2150
Hi all,
It's possible (using the queries) to ONLY receive logs related to all windows administrators and not related to all users?
Thanks.
Hi All,
every once in a while nxlog on some win servers enteres stopped state after this error:
62501: 2019-10-21 04:32:54 ERROR EvtNext failed with error 1717: The interface is unknown.
Does anybody know what might be causing this? All I could find is that this may have been a bug that was resolved in newer versions though.
We are using v 4.0.3735
Thanks,
Jarka
I am reading windows dns logs, and at the start of each file, windows adds text at the beginning of each file. Note that windows will do this in the middle of a multiline log message. Ideally what I want is that when the file is opened, im_file will throw away the header and then pass the rest of the file to xm_multiline so that xm_multiline never knows that this was there.
