In case of a DoS attack on a device, there would be a surge of logs in a very short time, and all the events look similar, with a change in one or two parameters: source port/destination port/source IP/destination IP. In such a case, can we filter such repetitive logs in the NXLog agent? If yes, how to do that? I tried pm_norepeat but it didn't help. Any other alternate options?
What I'm trying to achieve is to have a few values globally defined, and they should be automatically added to all inputs.
I.e. the same thing as Global Tags in Telegraf.
Today I first use a define statement in the global part of NXLog.conf:
Define Company Acme
For each input I define, I have to add an Exec line:
Exec $Company = '%Company%';
I am looking to use nxlog to transform a CSV formatted input from an SMB share into a json formatted line-by-line output for parsing by further handlers of our logging information. The CSV in question is an export of Windows Event Logs from a domain controller. An example of the CSV I am trying to parse is: