Hello,
I've been using the Community edition of NXlog, I've read there is a Bug related to the 256 windows channel error, has there been a fix or does anybody have a workaround for this. The agent on some of my machines stop work after a couple days. Any Advice would be appreciated.
Hello there! I was wondering how one can forward the raw XML events (open Event Viewer, double click an event, click Details, then XML View) from the Windows Event Log to a SIEM/log file using nxlog EE.
Currently, if I don't specify any options, it ends up in a log format that isn't XML, and if I use
Exec $Message = to_xml(); to_syslog_bsd();
then I get an XML that isn't formatted the same way as the Windows Event XML, which confuses the SIEM.
I have a setup using NXlog instances as collectors in a large number of security zones.
<Input in0>
Module im_tcp
Host XXX.XXX.XXX.XXX
</Input>
but for some reason this does not capture logs coming in on port 514 from Fortinet units; all other logs (from Windows and Linux servers) are received and processed just fine.
tcpdump -nvvA host [Fortinet unit IP]
Hello.
We are testing the NXLog EE Trial version on Windows and want to know what are its limitations?
Will be expire after some time?
Are some modules not working?
How many days can we try it?
Is there a FAQ to explain further the Trial limitations? because we did not find any.
Thank you.
Hello everyone
I have the following EXEC IF statement in my configuration file to drop events if username fields are equal to the computer account name. As you know Windows computer account names always end in $.
host1$
host2$
etc.
if $EventID == 4624 AND ($TargetUserName == 'DESKTOP-XY43$' OR $SubjectUserName == 'DESKTOP-XY43$') drop();