Hi everyone,
I would like to know if some standard installation of nxlog on a AD could lead to the nxlog service becoming dependant of the windows event log service ?
It not supposed to be, but for some reason (that I didn't understand yet) it happens in my case.
Thanks.
Regards
Hello,
I am attempting to use Nxlog on windows to forward windows event logs as syslog. I am finding that the windows event 4672 (and only this event oddly enough) keeps getting broken into multiple lines and showing the character strings
#011 and #015
Hello,
We have installed NXlog on a server (remote desktop VM) but it is maxing out the CPU usage along with Events service control manager.
Before turning on Nxlog service, CPU is at 25%, after it is turned on CPU spikes up to 98% with just those two.
I currently have the nxlog EE pulling IIS logs to a McAfee SIEM. The IIS logs are arriving fine from some devices, but others not. noticed during an incident that the IIS logs are in blue, which turns out that they are compressed. The other modules are working fine, the IIS module loads, there are no errors nor warnings given in the nxlog agent log, but no data gets collected.
Is there a different module to use, or a verbatim command to add to grab these compressed files?
I'm trying to use the stdout to use a powershell script for IIS to check all location for any w3svc* folders and collect the logs inside them. Currently getting the error:
"Couldn't process 'include' directly at <nxlog default location>; Invalid 'include_stdout' directive at <nxlog default location>; im_exec process %ROOT%\get_iis_paths.cmd exited normally with exitval: 1; The specified child process is done executing"
