Formatting codes in multi line windows event?


I am attempting to use Nxlog on Windows to forward Windows event logs as syslog. I am finding that the Windows event 4672 (and only this event, oddly enough) keeps getting broken into multiple lines and showing the character strings #011 and #015

Asked May 18, 2021 - 8:52pm

Nxlog maxing out CPU on server

We have installed NXlog on a server (remote desktop VM) but it is maxing out the CPU usage along with Events service control manager.
Before turning on Nxlog service, CPU is at 25%, after it is turned on CPU spikes up to 98% with just those two.

Asked May 18, 2021 - 2:32pm

IIS Compressed Logs

I currently have the nxlog EE pulling IIS logs to a McAfee SIEM. The IIS logs are arriving fine from some devices, but not from others. I noticed during an incident that the IIS logs are in blue, which, it turns out, means that they are compressed. The other modules are working fine, the IIS module loads, and there are no errors or warnings given in the nxlog agent log, but no data gets collected.

Is there a different module to use, or a verbatim command to add to grab these compressed files?

Asked May 17, 2021 - 7:33pm

include_stdout not working correctly (enterprise edition)

I'm trying to use the stdout to use a PowerShell script for IIS to check all locations for any w3svc* folders and collect the logs inside them. Currently getting the error:

"Couldn't process 'include' directly at <nxlog default location>; Invalid 'include_stdout' directive at <nxlog default location>; im_exec process %ROOT%\get_iis_paths.cmd exited normally with exitval: 1; The specified child process is done executing"

Asked May 17, 2021 - 5:21pm