Forwarding WEF / collector events onto another source.

Hi, we have windows event forwarding configured with a lot of subscripts and filtering already configured across a deployemnt of Windows servers.

I would like to use NXLOG EE to install on our two Windows event collectors to forward these events off to a SIEM. Looking at the documentation seems I need to setup a Linux server to act as the WEC for this purpose?

AskedMarch 8, 2021 - 1:06am

Firewall Event Aggregation

I've got a simple config listening on 514 UDP/TCP and forwarding everything received out to another server for ingest. One of the things I've been having trouble figuring out is how to do simple event aggregation for firewall logs. Ideally it would aggregate over a time window and append the message with a new field containing the count of messages.

AskedMarch 6, 2021 - 12:09am

NXlog to read the contents of several files in a directory and send them to a Syslog Watcher server

Hello NXLog user,

I'm new to Nxlog and I'm looking to send the contents of files (*.log) located in a single directory to a Syslog Watcher server (snmpsoft).
A trace can be on one or multiple lines but each start of a new trace starts with the time.

Here is an example of a trace on one line (columns => time type severity thread file function content) :

AskedMarch 5, 2021 - 5:52pm

NXlogv5 om_http connection bug

We probably found a bug in nxlog-5.2.6388. We use om_http to transfer logs to the server. If there are some new logs in our log file, the nxlog on start connects to server, makes ssl handshake and sucessfully sends logs.

AskedMarch 3, 2021 - 2:24am

random extra comma showing up in Splunk

So I'm working on moving our logging away from SolarWinds and into nxlog. We like to punt off our logs to Splunk so that our security department can create dashboards and such for the events they care about. I've just about got the output perfect, besides ONE random extra comma and I can't figure out where it's coming from.

Here is my config:

define ROOT C:\Program Files (x86)\nxlog

AskedMarch 1, 2021 - 11:05pm