IIS log & bad characters causes NXlog crash causing random event dump

We are using NXlog to send Windows EventLogs and IIS logs to Logstash (ELK).  It works very well indeed with only one problem - at 2am (we suspect IIS log rotation, or maybe weird Netscaler packet) every day the NXlog service crashes on ALL servers that are sending IIS logs.  We have some other servers only sending EventLogs - no crashing occurs.

Asked October 28, 2014 - 11:42am

Load Balanced Output Config

Trying to configure the NXLog forwarder to load balance its output stream. I tried creating 2 output stanzas out1 and out2 with the appropriate IPs and then routed as Path   eventlog => out1, out2.

This seemed to clone the output stream as logs were going to both receivers. What would be the proper way to tell NXLog to use one IP if available, else another IP?

Asked October 23, 2014 - 9:43pm

Routing messages based on type and source in a client server configuration

Currently process and transform the windows event/iis logs on the client, however as I have more servers I am wondering about routing everything to a central point using the binary format and then processing them into the relevant tables in a mysql db. I am struggling with at which stage this filtering and transforming is done and what the route should look like. Do I use the pattern filter in a process stage and then use an if statement in the route based on the pattern id?

Asked October 21, 2014 - 11:41am

xm_perl.dll is not present in extension directory

I am trying to use the perl extension in Windows, but nxlog complains that it cannot find the xm_perl.dll. The complaint is correct, the file is not there. My question is why? Does the windows version not support using perl?

Asked October 8, 2014 - 1:59pm

Windows Nxlog creating multiple dyn$ folders


I really would like some assistance in the forum - 

Here is the scenario:

Installed nxlog.c.e in Windows 2008 R2

Used the query list to get security logs

Added that in the module - started the server - everything is fine.

I tested this in my Windows machine - to my Redhat server.


The issue happens when the Windows machine is registered to the domain.

Asked October 7, 2014 - 9:41am