Hello everyone,
I have a window server that receives logs from other windows hosts (log collector) and from this last one, events are sent to a Fortisiem. The problem is that in SIEM the IP that appears is always the collector's IP and all host events are identified by that IP.
Is it possible to keep the original IP of each host?
For about 5 years, I've been using NXLog to forward Windows logs from all of my Windows servers into a Graylog server. Recently, one of the servers developed an issue where there will be event ID 5156 ("The Windows Filtering Platform has permitted a connection") triggered when NXLog sends logs to the Graylog server, which triggers another event ID 5156, which triggers another and another and another and so on.
Hi. I am new in NXlog. I am using om_dbi module to execute some SQL to insert my logs to pqsql. But I have the following ERROR "om_dbi failed to execute SQL statement", and NXLOG is trying to repeat this SQL again and again. How to stop this loop SQL execution after the first failure.
Hello Team,
I am new to Nxlog and we have a requirement to send below log file content to syslog server, fields will be same for every new log file.
Can you please help in writing conf file to send it to syslog.
Sample Log file.
OPSWAT - METADEFENDER KIOSK SCAN RESULTS
User ID: TRAININGLAB\syslog
Profile: Default
Session ID: 52CE90C9-73DC-4150-AE7F-1FDCFF933D3F
PROCESSING FINISHED SUCCESSFULLY
Hi all, I installed the .apk file (nxlog-1.4.571.apk) on a phone with Android 8.1. When I click on "Start" I get the following error message:
Verifying config ...
"/data/data/com.nxsec.nxlog/nxlog": error: Android 5.0 and later only support position-independent executables (-fPIE).
How can I solve it? Is there a version compatible with android>5? Thanks!
