Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.

NXLog cannot assign requested address
In my design, there are collectors placed in security zones, receiving logs from a great number of Linux servers and forwarding the incoming to a Master Collector. This works perfectly fine :) My Collector's Input is defined like:

    <Extension _syslog>
        Module xm_syslog
    </Extension>
    <Input in1>
        Module im_tcp
        Host 0.0.0.0
        Port 514
        Exec parse_syslog();
    </Input>

but with one exception: In one of the zones I'm supposed to receive logs from the firewall - I can see in the nxlog.log the connection is accepted, but then it says

    connection accepted from [X.X.X:X]:port couldn't bind tcp socket to [X.X.X.X]:514; cannot assign requested address

and I don't get any firewall logs. What is the proper fix for this?

DS_534595 created
Replies: 2
Understanding "Exec" filtering syntax
I am trying to filter certain Windows Server events. I have the following code:

    <Exec>
        if $EventID == '4737' AND
           $TargetSid == 'S-1-5-21-3629192509-3943823860-1568066966-20147' AND
           $SubjectUserSid == 'S-1-5-21-3629192509-3943823860-1568066966-20118'
        {
            drop();
        }
        if $SubjectUserName == 'NETVAULT$' AND
           $SubjectUserSid == 'S-1-5-20' AND
           ($ProcessName == 'C:\Program Files (x86)\Quest\NetVault Backup\pgsql\bin\postgres.exe' OR
            $NewProcessName == 'C:\Program Files (x86)\Quest\NetVault Backup\pgsql\bin\postgres.exe')
        {
            drop();
        }
        if $SubjectUserName == 'HVAC$' AND
           $SubjectUserSid == 'S-1-5-18' AND
           ($ProcessName == 'C:\Program Files (x86)\Delta Controls\enteliWEB\PostgreSQL\bin\postgres.exe' OR
            $NewProcessName == 'C:\Program Files (x86)\Delta Controls\enteliWEB\PostgreSQL\bin\postgres.exe')
        {
            drop();
        }
    </Exec>

The first one says if the EventID, TargetSid, and SubjectUserSid are certain values, then drop the event. The second says that if the SubjectUserName and SubjectUserSid are certain values and either the ProcessName or NewProcessName are a certain value, then drop the event. The third basically is doing the same thing as the second one, except using different values. Do I have the syntax correct for this?

JF_427179 created
Replies: 1
Where does the < 14 > come from?
Hi, we are using NXlog to forward syslog messages, which works fine. But we have that strange <14> in the forwarded message:

    3.127.197.211 **<14>**2020-10-13 09:58:54,443 message

Config:

    <Input syslog514udp>
        Module im_udp
        Port 514
        Host 0.0.0.0
    </Input>
    <Output eventsentry>
        Module om_udp
        Host dstserver.domain.com
        Port 514
        Exec $raw_event = $MessageSourceAddress + " " + $raw_event;
    </Output>

Does anyone know why that happens? Thanks, Thomas

TK_276781 created
Replies: 1
nxlog ce not to log server
hello, i have a question about windows 2012 > nxlog ce > graylog. my nxlog-ce ver is 2.10.2150

question: my nxlog-ce to graylog have question but the log is not go to graylog, so im open windows taskmgr to see nxlog.exe PID and Internet connection; nxlog source ip and Destination is "ipv4 Loopback"

2. nxlog log:

    WARNING The following sources are omitted to avoid exceeding the limit in the generated query: Microsoft-Windows-Workplace Join/Admin Microsoft-Windows-WPD-ClassInstaller/Operational Microsoft-Windows-WPD-CompositeClassDriver/Operational Microsoft-Windows-WPD-MTPClassDriver/Operational Microsoft-WS-Licensing/Admin Setup WitnessClientAdmin

my nxlog.conf:

    Panic Soft
    #NoFreeOnExit TRUE
    define ROOT C:\Program Files (x86)\nxlog
    define CERTDIR %ROOT%\cert
    define CONFDIR %ROOT%\conf
    define LOGDIR %ROOT%\data
    define LOGFILE %LOGDIR%\nxlog.log
    LogFile %LOGFILE%
    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data
    <Extension _syslog>
        Module xm_gelf
    </Extension>
    <Input in>
        Module im_msvistalog
    </Input>
    <Output out>
        Module om_udp
        Host
        Port 10554
        OutputType GELF
    </Output>
    <Route 1>
        Path in => out
    </Route>

so how can i do to Solve the problem please help me thx~~

lokeliu created
Replies: 6
NXLog seems to forward some older events but not new ones
Our setup: we have Windows Server 2019 servers that are forwarding some "Security" events to a single Windows Server 2019 event collector. On that single Windows Server 2019 event collector, we have installed NXLog, which is forwarding to Graylog.

Summary: servers --> event collector server (where NXLog is installed) --> Graylog server

All selected events are getting to the event collector, but only some are getting to Graylog. So the problem is somewhere on or after the event collector server. Here is the complete NXLog config:

    define ROOT C:\Program Files (x86)\nxlog
    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data
    LogFile %ROOT%\data\nxlog.log
    <Extension _gelf>
        Module xm_gelf
        ShortMessageLength 500
    </Extension>
    <Input in>
        Module im_msvistalog
        <QueryXML>
            <QueryList>
                <Query Id='0'>
                    <Select Path='ForwardedEvents'>*</Select>
                </Query>
            </QueryList>
        </QueryXML>
    </Input>
    <Output out>
        Module om_tcp
        Host graylog.local
        Port 12201
        OutputType GELF_TCP
    </Output>
    <Route 1>
        Path in => out
    </Route>

Is anything obvious missing?

JF_427179 created
Replies: 1
How to fetch logs recursively, when the files may have a number of different file extensions?
I traverse /var/log/myAPPLICATION* like shown below to harvest everything below in the folder structure, which has .log as extension. The challenge is now: What if there are occurrences of logfiles that have e.g. .txt extension? Is it possible to use some conditional to that File line in the Input directive? Something like

    File "/var/log/myAPPLICATION/*.[log|txt]"

    <Input appLogs>
        Module im_file
        File "/var/log/myAPPLICATION/*.log"
        Recursive True
        SavePos True
        ReadFromLast True
        Exec to_syslog_ietf();
    </Input>

DS_534595 created
Replies: 1
Can anyone share experience/configs for nxlog community edition to forward security and authentication events from RHEL 7.x servers ?
We have installed nxlog community edition on Red Hat Enterprise Linux version 7.6. We included auth.conf but are not seeing any auth messages forwarded. I'm not understanding why Rsyslog is required since Rsyslog is capable of forwarding events by itself. Please share configs and experiences getting security and auth messages to forward.

sschomer created
Replies: 1
Different ProcessID field values in sysmon event
Hello! I noticed that the value of the ProcessID field in sysmon event does not match the value of the ProcessID field which is nested in the Message field. Is it normal? The sample sysmon event from https://nxlog.co/documentation/nxlog-user-guide/sysmon.html is below

    {
      "EventTime": "2015-04-27 15:23:46",
      "Hostname": "WIN-OUNNPISDHIG",
      "Keywords": -9223372036854776000,
      "EventType": "INFO",
      "SeverityValue": 2,
      "Severity": "INFO",
      "EventID": 1,
      "SourceName": "Microsoft-Windows-Sysmon",
      "ProviderGuid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}",
      "Version": 3,
      "Task": 1,
      "OpcodeValue": 0,
      "RecordNumber": 2335906,
      "ProcessID": 1680,
      "ThreadID": 1728,
      "Channel": "Microsoft-Windows-Sysmon/Operational",
      "Domain": "NT AUTHORITY",
      "AccountName": "SYSTEM",
      "UserID": "SYSTEM",
      "AccountType": "Well Known Group",
      "Message": "Process Create:\r\nUtcTime: 2015.04.27. 13:23\r\nProcessGuid: {00000000-3862-553E-0000-001051D40527}\r\nProcessId: 25848\r\nImage: c:\\Program Files (x86)\\nxlog\\nxlog.exe\r\nCommandLine: \"c:\\Program Files (x86)\\nxlog\\nxlog.exe\" -f\r\nUser: WIN-OUNNPISDHIG\\Administrator\r\nLogonGuid: {00000000-568E-5453-0000-0020D5ED0400}\r\nLogonId: 0x4edd5\r\nTerminalSessionId: 2\r\nIntegrityLevel: High\r\nHashType: SHA1\r\nHash: 1DCE4B0F24C40473CE7B2C57EB4F7E9E3E14BF94\r\nParentProcessGuid: {00000000-3862-553E-0000-001088D30527}\r\nParentProcessId: 26544\r\nParentImage: C:\\msys\\1.0\\bin\\sh.exe\r\nParentCommandLine: C:\\msys\\1.0\\bin\\sh.exe",
      "Opcode": "Info",
      "UtcTime": "2015.04.27. 13:23",
      "ProcessGuid": "{00000000-3862-553E-0000-001051D40527}",
      "Image": "c:\\Program Files (x86)\\nxlog\\nxlog.exe",
      "CommandLine": "\"c:\\Program Files (x86)\\nxlog\\nxlog.exe\" -f",
      "User": "WIN-OUNNPISDHIG\\Administrator",
      "LogonGuid": "{00000000-568E-5453-0000-0020D5ED0400}",
      "LogonId": "0x4edd5",
      "TerminalSessionId": "2",
      "IntegrityLevel": "High",
      "HashType": "SHA1",
      "Hash": "1DCE4B0F24C40473CE7B2C57EB4F7E9E3E14BF94",
      "ParentProcessGuid": "{00000000-3862-553E-0000-001088D30527}",
      "ParentProcessId": "26544",
      "ParentImage": "C:\\msys\\1.0\\bin\\sh.exe",
      "ParentCommandLine": "C:\\msys\\1.0\\bin\\sh.exe",
      "EventReceivedTime": "2015-04-27 15:23:47",
      "SourceModuleName": "in",
      "SourceModuleType": "im_msvistalog"
    }

Alexander created
Replies: 1
om_python Module
Hi - pardon my ignorance. I would like to use the om_python module to run a Python script s3_write.py which outputs to an S3 bucket on AWS. I noticed the module wasn't included on the Community edition so I downloaded a trial of Enterprise and installed it, but im_python and om_python are not included with that either. Nor can I find anywhere to download that module. How can I get hold of om_python please? Kind regards

SD_119859 created
Replies: 1
Windows server 2008sp2
Installing nxlog to a 2008sp2 server. There is no C:\program files (x86) directory. Only Program Files. The service won't start because it is unable to find the program files (x86) directory. Are there other steps that need to be done to get this to work?

BS_816201 created
Replies: 1
Windows server 2019 and NXLOG-CE 2.10.21.50
hello, Windows server 2019, NXLOG-CE 2.10.21.50. i have difficulties to transfer Windows 2016/2019 security logs to a Syslog host. i think that my nxlog.conf is not working right, sometimes i receive the logs, some time not. can you help me please ?

    ###############
    define ROOT C:\Program Files (x86)\nxlog
    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data
    LogFile %ROOT%\data\nxlog.log
    <Extension _syslog>
        Module xm_syslog
    </Extension>
    <Extension _charconv>
        Module xm_charconv
        AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
    </Extension>
    <Extension _exec>
        Module xm_exec
    </Extension>
    <Extension _json>
        Module xm_json
    </Extension>
    <Input in_eventlog>
        # For windows 2008/vista/7/8/2012/2012R2 and latter use the following:
        Module im_msvistalog
        Query <QueryList>
            <Query Id="0">
                <Select Path="Security">[System[(EventID=1100)]]</Select>
                <Select Path="Security">[System[(EventID=4768)]]</Select>
                <Select Path="Security">[System[(EventID=4769)]]</Select>
                <Select Path="Security">[System[(EventID=4771)]]</Select>
                <Select Path="Security">[System[(EventID=4616)]]</Select>
                <Select Path="Security">[System[(EventID=4625)]]</Select>
                <Select Path="Security">[System[(EventID=4647)]]</Select>
                <Select Path="Security">[System[(EventID=4648)]]</Select>
                <Select Path="Security">[System[(EventID=4656)]]</Select>
                <Select Path="Security">[System[(EventID=4719)]]</Select>
                <Select Path="Security">[System[(EventID=4720)]]</Select>
                <Select Path="Security">[System[(EventID=4722)]]</Select>
                <Select Path="Security">[System[(EventID=4723)]]</Select>
                <Select Path="Security">[System[(EventID=4724)]]</Select>
                <Select Path="Security">[System[(EventID=4725)]]</Select>
                <Select Path="Security">[System[(EventID=4726)]]</Select>
                <Select Path="Security">[System[(EventID=4727)]]</Select>
                <Select Path="Security">[System[(EventID=4728)]]</Select>
                <Select Path="Security">[System[(EventID=4729)]]</Select>
                <Select Path="Security">[System[(EventID=4730)]]</Select>
                <Select Path="Security">[System[(EventID=4731)]]</Select>
                <Select Path="Security">[System[(EventID=4732)]]</Select>
                <Select Path="Security">[System[(EventID=4733)]]</Select>
                <Select Path="Security">[System[(EventID=4734)]]</Select>
                <Select Path="Security">[System[(EventID=4735)]]</Select>
                <Select Path="Security">[System[(EventID=4737)]]</Select>
                <Select Path="Security">[System[(EventID=4738)]]</Select>
                <Select Path="Security">[System[(EventID=4739)]]</Select>
                <Select Path="Security">[System[(EventID=4740)]]</Select>
                <Select Path="Security">[System[(EventID=4741)]]</Select>
                <Select Path="Security">[System[(EventID=4742)]]</Select>
                <Select Path="Security">[System[(EventID=4743)]]</Select>
                <Select Path="Security">[System[(EventID=4744)]]</Select>
                <Select Path="Security">[System[(EventID=4745)]]</Select>
                <Select Path="Security">[System[(EventID=4748)]]</Select>
                <Select Path="Security">[System[(EventID=4749)]]</Select>
                <Select Path="Security">[System[(EventID=4750)]]</Select>
                <Select Path="Security">[System[(EventID=4753)]]</Select>
                <Select Path="Security">[System[(EventID=4754)]]</Select>
                <Select Path="Security">[System[(EventID=4755)]]</Select>
                <Select Path="Security">[System[(EventID=4756)]]</Select>
                <Select Path="Security">[System[(EventID=4758)]]</Select>
                <Select Path="Security">[System[(EventID=4759)]]</Select>
                <Select Path="Security">[System[(EventID=4760)]]</Select>
                <Select Path="Security">[System[(EventID=4763)]]</Select>
                <Select Path="Security">[System[(EventID=4764)]]</Select>
                <Select Path="Security">[System[(EventID=4767)]]</Select>
                <Select Path="Security">[System[(EventID=4778)]]</Select>
                <Select Path="Security">[System[(EventID=4783)]]</Select>
                <Select Path="Security">[System[(EventID=4800)]]</Select>
                <Select Path="Security">[System[(EventID=4801)]]</Select>
                <Select Path="System">[System[(EventID=7036)]]</Select>
                <Select Path="Application">[System[(EventID=18454)]]</Select>
                <Select Path="Application">[System[(EventID=18456)]]</Select>
            </Query>
        </QueryList>
        Exec $Message=to_json(); # to_syslog_bsd();
        # Exec $ModuleType = 'event_log';
        # ReadFromLast TRUE
    </Input>
    <Output out_eventlog>
        Module om_udp
        Host xx.xx.xx.xx
        #Port 514
        Exec to_syslog_bsd();
    </Output>
    <Route eventlog>
        Path in_eventlog => out_eventlog
    </Route>
    #####################################

Ahmed.MEZRAG created
NXLOG-CE for windows server 2019
hello, first of all I would like to know is NXLOG-CE compatible with Windows server 2019. I have a lot of trouble implementing nxlog-ce on windows 2019 while on 2012 every thing is fine. the logs do not go up instantly and most of the time it does not work. someone has used nxlog-ce on windows 2019 ? sorry for my English :) Thank you for your answers

In French (translated): first of all I would like to know whether NXLOG-CE is compatible with Windows Server 2019. I have a lot of trouble implementing nxlog-ce on Windows 2019, whereas on 2012 everything works well and there is no problem getting the logs up to my Syslog (kiwisyslog from SolarWinds). the logs do not come up instantly and most of the time it does not even work. has anyone already used nxlog-ce on Windows 2019? thank you for your answers

Ahmed.MEZRAG created
Replies: 3
Basic Setup
Have created this simple agent to send agent logs to a central server. Is it possible to bulk this and only send once per hour? What requirements to use the same as agentless? When I add a second agent, how does the NXlog server separate the logs? I then want to forward all logs on NXlog server to SIEM or Elastic, how to forward? possible to bulk this as well

    <Input syslog>
        Module im_msvistalog
        <QueryXML>
            <QueryList>
                <Query Id='0'><Select Path='System'>[System[(Level &lt;= 3)]]</Select></Query>
                <Query Id='1'><Select Path='Application'>[System[(Level &lt;= 3)]]</Select></Query>
                <Query Id='2'><Select Path='Security'>*[System[(Level &lt;= 3)]]</Select></Query>
            </QueryList>
        </QueryXML>
    </Input>
    <Output forward>
        Module om_tcp
        Host x.x.x.x
        Port 1514
    </Output>
    #################### ROUTE ###########
    <Route r>
        Path syslog => forward
    </Route>

NF_862205 created
Replies: 1
Using a domain user for om_file export
Hi! I was wondering if anyone had any thoughts on this. I am using NXLog CE on Windows. I want to use om_file to export a log file to a network share folder. This share only allows AD domain users to read/write to the network share folder. I found that when I try to do this I get permission denied. This is obviously because I haven't assigned a domain account for NXLog to use, and I assume NXLog uses a local system account. Is there a way I can make NXLog use Domain credentials when doing this file transfer? Or is there another output module I should use? I am new to NXLog, apologies if this is a simple answer :)

MP_286983 created
Replies: 1
im_msvistalog multiple filters
Hello, I have to filter multiple logs (such as System, Application) and also filter them by levels. I'm trying to write a config but it doesn't output anything.

    <Input eventlog>
        Module im_msvistalog
        <QueryXML>
            <QueryList>
                <Query Id='0'>
                    <Select Path="System">[System[(EventID=11150 or EventID=11151 or EventID=11152 or EventID=11153 or EventID=11154 or EventID=11155 or EventID=11162 or EventID=11163 or EventID=11164 or EventID=11165 or EventID=11166 or EventID=11167 or EventID=5773 or EventID=5774)]]</Select>
                    <Select Path='System'>[System/Level=2]</Select>
                    <Select Path="System">[System[(Level=2 or Level=4)][(EventID=6005 or EventID=6008)]]</Select>
                    <Select Path="System">[System/Level=4[(EventID=6005 or EventID=6008)]]</Select>s
                    <Select Path="System">[System/Level=3[(EventID=1031 or EventID=1053 or EventID=5053 or EventID=1129 or EventID=1131 or EventID=1135 or EventID=1206 or EventID=1211 or EventID=1216 or EventID=1553 or EventID=5553 or EventID=2057 or EventID=47 or EventID=16947 or EventID=16949 or EventID=4034 or EventID=9015 or EventID=9026)]]</Select>
                    <Select Path="Application">[System/Level=2]</Select>
                    <Select Path="Application">*[System/Level=3[(EventID=514)]]</Select>
            </QueryList>
        </QueryXML>

I don't know if it is the right way, it's my first time with nxlog. Thanks a lot!

LP_577584 created
Replies: 1
IPv6 support in Nxlog-CE
Dear all, I was wondering if there was IPv6 support in the latest nxlog-community edition release? According to the Documentation (NXLog Community Edition Reference Manual) it seems IPv6 is supported.

    IPv6 Address
    An ip6addr type stores an IPv6 address in an internal format.

But according to my nxlog.log errors I see the following:

    2020-09-08 15:59:00 INFO nxlog-ce-2.10.2150 started
    2020-09-08 15:59:00 ERROR apr_sockaddr_info failed for :::515;Address family for hostname not supported
    2020-09-08 16:00:49 ERROR invalid keyword: ListenAddr at /etc/nxlog.d/listener.conf:26

Can you confirm that IPv6 should theoretically be supported in 2.10.2150 ? If so, what needs to be enabled in the config if used with im_tcp ? If it's not supported (because currently only supported in the Enterprise Edition), are there any plans to include this also in the Community edition soon? thanks and best regards, micsnare

micsnare created
Replies: 2
Windows Eventlog string filter
OS:Windows server 2016 NXlog:CE-2.10.2150 I want to filter the Windows event log message string ("Test_Message"). .. It doesn't work. Please tell me what's wrong

[nxlog.conf]

    Panic Soft
    #NoFreeOnExit TRUE

    define ROOT C:\Program Files (x86)\nxlog
    define CERTDIR %ROOT%\cert
    define CONFDIR %ROOT%\conf
    define LOGDIR %ROOT%\data
    define LOGFILE %LOGDIR%\nxlog.log
    LogFile %LOGFILE%

    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data

    <Extension _syslog>
        Module xm_syslog
    </Extension>

    <Extension charconv>
        Module xm_charconv
        AutodetectCharsets shift_jis, utf-8
    </Extension>

    ###################################
    # define input
    ###################################
    define SystemError 10016, 10028, 36882

    <Input in_eventlog>
        Module im_msvistalog
        <QueryXML>
            <QueryList>
                <Query Id="0" Path="Application">
                    <Select Path="Application">*[System[(Level=1 or Level=2)]]</Select>
                </Query>
            </QueryList>
        </QueryXML>

        <Exec>
            if ($EventID IN (%SystemError%) and
                ($Data == ’Test_Message’)
               ) drop();
        </Exec>
        Exec convert_fields("shift_jis", "utf-8");
    </Input>
    ###################################
    # difine output
    ###################################
    <Output out_eventlog>
        Module om_udp
        Host **********
        Port 514
    </Output>

    ###################################
    # Route monitor
    ###################################
    <Route route>
        Path in_eventlog => out_eventlog
    </Route>

[Windows Eventlog]※XML

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
        <Provider Name="EventLog" />
        <EventID Qualifiers="0">1000</EventID>
        <Level>2</Level>
        <Task>1</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2020-09-09T01:41:53.762804400Z" />
        <EventRecordID>16834</EventRecordID>
        <Channel>System</Channel>
        <Computer>sv-otebk.ads.nttdata.co.jp</Computer>
        <Security />
      </System>
    - <EventData>
        <Data>Test_Message</Data>
      </EventData>
    </Event>

TI_825837 created
Replies: 1
Official NXlog conf Mistake ? MS AD Security Events don't match Channel
Hi, I'm not sure if this is an NXLog conf mistake, or I misunderstood it. The official NXLog conf file: https://nxlog.co/documentation/nxlog-user-guide/ad-domain-controller.html

The event IDs included in the conf file seem to be found in Domain Controller -> Event Viewer -> Windows Logs -> Security. But in the conf file below, NXlog is trying to look for these events in "Directory Service", with [System[Provider[ @Name='Microsoft-Windows-ActiveDirectory_DomainService']]]

I did a test and it seems in "Directory Service" there are almost 0 events that are listed in "HighEvents Ids", "MediumEventIds" and "LowEventIds". Can someone tell me if this is a mistake in the official Nxlog conf file, or am I misunderstanding the conf file configuration? Thanks

    define HighEventIds 4618, 4649, 4719, 4765, 4766, 4794, 4897, 4964, 5124, 1102
    define MediumEventIds 4621, 4675, 4692, 4693, 4706, 4713, 4714, 4715, 4716, 4724, 4727, 4735, 4737, 4739, 4754, 4755, 4764, 4764, 4780, 4816, 4865, 4866, 4867, 4868, 4870, 4882, 4885, 4890, 4892, 4896, 4906, 4907, 4908, 4912, 4960, 4961, 4962, 4963, 4965, 4976, 4977, 4978, 4983, 4984, 5027, 5028, 5029, 5030, 5035, 5037, 5038, 5120, 5121, 5122, 5123, 5376, 5377, 5453, 5480, 5483, 5484, 5485, 6145, 6273, 6274, 6275, 6276, 6277, 6278, 6279, 6280, 24586, 24592, 24593, 24594
    define LowEventIds 4608, 4609, 4610, 4611, 4612, 4614, 4615, 4616, 4624, 4625, 4634, 4647, 4648, 4656, 4657, 4658, 4660, 4661, 4662, 4663, 4672, 4673, 4674, 4688, 4689, 4690, 4691, 4696, 4697, 4698, 4699, 4700, 4701, 4702, 4704, 4705, 4707, 4717, 4718, 4720, 4722, 4723, 4725, 4726, 4728, 4729, 4730, 4731, 4732, 4733, 4734, 4738, 4740, 4741, 4742, 4743, 4744, 4745, 4746, 4747, 4748, 4749, 4750, 4751, 4752, 4753, 4756, 4757, 4758, 4759, 4760, 4761, 4762, 4767, 4768, 4769, 4770, 4771, 4772, 4774, 4775, 4776, 4778, 4779, 4781, 4783, 4785, 4786, 4787, 4788, 4789, 4790, 4869, 4871, 4872, 4873, 4874, 4875, 4876, 4877, 4878, 4879, 4880, 4881, 4883, 4884, 4886, 4887, 4888, 4889, 4891, 4893, 4894, 4895, 4898, 5136, 5137
    <Input events>
        Module im_msvistalog
        <QueryXML>
            <QueryList>
                <Query Id="0" Path="Directory Service">
                    <Select Path="Directory Service">*[System[Provider[ @Name='Microsoft-Windows-ActiveDirectory_DomainService']]] </Select>
                </Query>
            </QueryList>
        </QueryXML>
        <Exec>
            if ($EventID NOT IN (%HighEventIds%)) and
               ($EventID NOT IN (%MediumEventIds%)) and
               ($EventID NOT IN (%LowEventIds%))
                drop();
        </Exec>
    </Input>

RC_170741 created
Replies: 1
How do I implement this desired log retention?
New to nxlog and have it deployed on several test systems. I have multiple logs under C:\Program Files\nxlog\data called which combined are more than 27GB of data.

    nxlog.log.1
    nxlog.log.2
    nxlog.log.3
    and so on...

Are these the logs that are generated by om_file module? How do I rotate these? I've read the documentation, but am a little confused. I've outlined the criteria that I'm wanting to implement for log retention - any help is much appreciated.

Desired Retention Criteria
- Each log file is 100mb in size
- No more than 5 log files
- Anything beyond that is deleted

mburgess created
Replies: 1
Nxlog Community Edition package for Debian Buster
Hi all, I'm looking for a debian Buster package for nxlog-ce but i've noticed that it's not available on the download page. Is there a reason ? Can i expect a future release soon ? Thank you very much for your assistance. Paul.

pboniface created
Replies: 1