Windows .evt files to graylog

Has anyone succeeded in sending .evt file content to graylog?

Actually, I found that:

 - Using the im_file module I can parse .evt files and send their content out, but the logs are badly formatted

 - Using the im_vistalog module I can't parse .evt files, only the Windows Event Log, but the logs are well formatted

Any advice, someone?

Maybe it is possible to send the output of im_file to im_vistalog?

Asked June 3, 2016 - 5:58pm

Random nxlog crashes every now and then

Every now and then I get reports of logs not reporting. I investigate and 99.9% of the time, it is due to a loss of connectivity to the log server due to an nxlog crash. Typically, it is due to a faulting module, per Windows Event Viewer.

OS - Windows Server 2012 R2 Datacenter

NXLOG Version - How do I check?

Event Viewer ::

Asked June 1, 2016 - 6:38pm

Compile failure on FreeBSD - SSL error

I'm attempting to compile the latest nxlog on FreeBSD and it fails with the following error. Any thoughts as to a fix or workaround would be appreciated. My environment is as follows:
OpenSSL 1.0.2h  3 May 2016

Asked May 31, 2016 - 4:19pm

Redis Module LPUSH

The NXLog Redis output module sends data to a Redis server with the RPUSH command, allowing only the Redis key (= database) to be changed.

RPUSH inserts all the specified values at the tail of the list stored at key.

Asked May 26, 2016 - 8:48am

How to insert any string at end of multiline log file using nxlog?

I have a multiline log sample as follows:
2/22/2016 4:19:30 PM 09F8 EVENT The DNS server has finished the background loading of zones. All zones are now available for DNS updates and zone transfers, as allowed by their individual zone configuration.
2/22/2016 4:19:38 PM 082C EVENT The DNS server has started.
2/22/2016 4:19:38 PM 08E0 PACKET 0000000001564000 UDP Rcv 526c Q [0001 D NOERROR] SOA (5)_ldap(4)_tcp(4)snpl(3)com(2)np(0)

Asked May 24, 2016 - 11:57am