NXLog Enterprise v4 won't read Windows Security log, v3 fails to ResolveSID

Hi all,

I'm trying to deploy NXLog Enterprise to a couple of Windows domain controllers, pointed to Graylog to audit security.
As part of this, we need the "ResolveSID" feature, so we have gone with the Enterprise edition. Unfortunately, we only got a 1-year sub approved, which doesn't allow enterprise support :(

Asked January 13, 2020 - 9:27pm

Not sending to syslog

I am trying to use nxlog to read from a text file and send to a syslog collector from Rapid7.

I have read through Rapid7's documentation found at https://insightidr.help.rapid7.com/docs/nxlog

Asked January 11, 2020 - 3:15am

View Output Logs
I'm using NXLog on Windows to send Event Log data into Google BigQuery but I'm not seeing my data.
There appear to be no errors in nxlog.log.
When I use this:
<Output out>
    Module  om_file
    File    'C:\Program Files (x86)\nxlog\data\nxlogfile.log'
</Output>

I can see the data from the event log being logged.

Is there a module that logs all data as it's being transmitted?

Asked January 9, 2020 - 6:16pm

drop if empty field

I have a file with multiple log lines, but I'm only interested in one type that has 6 fields in CSV format. I want to discard all the rest. So I have this [partial] file:

Asked January 9, 2020 - 6:01pm

NXLog 4.3.4308 remote ssl socket was reset

Hi everybody!

I have a problem with collecting logs.

Client application logs:

2020-01-09 15:24:54 INFO connected to server OK
2020-01-09 15:25:22 INFO reconnecting in 1 seconds
2020-01-09 15:25:22 ERROR remote ssl socket was reset? (SSL_ERROR_SYSCALL with errno=9); End of file found

TCP dump at the moment of the error:

Asked January 9, 2020 - 3:39pm