Parsing Windows Logs (from FILE)

I am having no luck with a simple parsing of EVT log files.

Is there an easy way to read in EVT (Binary Log files) and output them in Syslog Format?

This is the config file I am using: (I used python evtx to extract into text XML.) However, that yields XML attributes which apparently are not parseable.

Problem Set:

Given 3 files (System.evt, Application.evt, and Security.EVT), parse the EVT format into Syslog_BSD (or IETF) formats.

Asked March 31, 2016 - 7:05am

Unable to file_remove on Linux Setup

Hi Everyone,

New to nxlog, so apologies in advance! I am currently deploying nxlog on a Linux server (Red Hat Enterprise release 6.6). I am currently trying to remove a file after nxlog has finished processing. From the documentation, I am using file_remove, which is not working. Here is my config that does not throw any syntax errors when starting nxlog. In the debug log, I do not see an attempt to try and match files for removing:

Asked March 29, 2016 - 1:01am

Remove Duplicates Help Needed

Hello All,

I am trying to use the pm_norepeat module to remove duplicate log messages that sometimes flood my logs. I am apparently not grasping how this works as the duplicate records are still flooding through the logs when I attempt to use the pm_norepeat function.

Asked March 28, 2016 - 9:00pm

om_tcp - reconnect(); on a schedule

I have a series of file inputs and tcp outputs. The output targets are geo-balanced across data centers, to which traffic is directed based on the originating request. If we have a situation where we need to take one of the two collectors down, all the agents would point at one side. Because of this, I want NXLog to reconnect to the output target at a particular interval. How do you properly use the 'reconnect();' procedure? We have a series of inputs using the same outputs.

Asked March 28, 2016 - 6:37pm