Hi All,
i'm testing the possibility of forwarding windows security logs to SIEM. Seems all ok, but i'm not able to drop messages with some values.
For example we have some event with
$TargetUsername = DWM-"1to11" (example : DWM-1)
$TargetUsername = UMFD-"1to11" (example : UMFD-4)
$TargetUsername = pcname$ (example : HOSTNAME$)
$TargetUsername = Anonymous Access
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)
Hello, I want to send IIS W3C logs to the Syslog server. The nxlog.conf file is as follows. If we assume that there are too many domains on the server, I want to quickly create this config file with powershell. Is this possible?
In this configuration file, I can define the website and log directories manually. This is true, but it may be easier to add website and log directories by creating a "dynamically" config file.
I have a question regarding running nxlog with the om_udpspoof module inside of a docker container. It appears that I should be able to do this, but in practice it does not work. I have tried the following:
hi there, I have a query. Got Windows servers with MS SQL installed and the NXLog 32 bits agent installed. Unfortunately no SQL logs are seen on our SIEM solution (Alienvault) and it seems the issue is because we should use the 64 bits agent (available for the Enterprise edition only). Has anyone experienced the same? Any tips? Any help would be appreciated
Many thanks!
