1 answer

ERROR remote ssl socket was reset? (SSL_ERROR_SSL with errno=9); End of file found

Hi,
I am trying to use an SSL connection between client and server in "server-side authentication only" mode.
I placed the certificates in the respective /conf folder of the nxlog server.
These are the current configurations:

>>> CLIENT <<<
<Output to_syslog_server>
    Module om_ssl
    Host 10.1.1.1
    Port 516
    Exec $Message = to_leef(); to_syslog_ietf();
</Output>

Asked September 9, 2019 - 9:54am

1 answer

Regex to set variable

Hi,
I’m trying to use regex in nxlog.
My current configuration is to save firewall logs to a .txt file, using the $Sender value to create the file name.

.......

<Input *****>
    Module im_tcp
    Host 0.0.0.0
    Port 1001
    <Exec>
        if $raw_event =~ /LEEF/
            parse_leef();
        else
            parse_syslog();
    </Exec>
</Input>

.......

Asked September 4, 2019 - 5:36pm

1 answer

Issues reconnecting after UDP fails to send to logging server.

Hello,

I'm experiencing an issue with the community edition. Once you power off the log collection server, the nxlog client agent (for Windows) will drop the connection, and stop sending UDP packets after the log collection server is back online. Restarting the Windows agent resolves the issue.

Is there a solution for this besides restarting the Windows service every so often to ensure the agent is always sending logs?

Thanks

Asked September 3, 2019 - 6:56pm

1 answer

NXLog Enrichment

I'm attempting to enrich some Windows event logs with "ClientMachine", which needs to equal the hostname. I'm having issues with only some logs coming through with this enriched field, and others do not contain the ClientMachine enrichment. My config is below. Any help would be greatly appreciated.

Panic Soft
define ROOT C:\Program Files\nxlog
#ModuleDir %ROOT%\modules
#CacheDir %ROOT%\data
#SpoolDir %ROOT%\data

Asked August 28, 2019 - 11:38pm

1 answer

Nxlog Multiline Input to 1 Syslog Message

Hi all,

I'm using nxlog to send the CAS audit log to our syslog server. Each entry in the text file looks similar to the one below:

Asked August 28, 2019 - 11:45am
