NXLog as a collector for Azure App Service Logs for SIEMs

Hi all,

I am new here, so hello.

I am trying to work out a solution to collect IIS Access Log data from Azure App Services and then forward it to a SIEM such as Splunk, Loggly or ElasticSearch for security analysis, anomaly identification and alerting.

Asked September 30, 2018 - 12:17am

im_dbi: is it working?


Has somebody got experience with im_dbi?

I tried this example, but /tmp/output is filled with blank characters?
I checked the nxlog log at startup; everything is OK.
The mysql driver has been installed correctly.

Asked September 28, 2018 - 12:12pm

Add information from one event to another.

I've been fighting with this for a week, but I have run out of ideas. When you delete files, Windows generates 2 events: 4663, then 4660. In EventID:4663 there is a file name; in EventID:4660 there is a result. The marker can be the EventRecordID, which will differ by 1 for these two events. The idea is to use pm_evcorr to add a field from EventID:4660 to EventID:4663. As far as I understood, the design should be this:
1. EventID:4663 arrives

Asked September 27, 2018 - 9:37am

Nxlog Deploy on windows

I'm trying to deploy nxlog with GPO on Windows, but it seems like the MSI package from https://nxlog.co/products/nxlog-community-edition/download is not working properly.
After creating the GPO nothing happens. I have also tried installing with a script (cmd /c Msiexec /I \\file server\share\nxlog-ce-2.9.1716.msi /qn), and still nothing.

Asked September 27, 2018 - 9:09am

Problems sending Windows Eventlog to graylog

Hello everybody,

I'm sorry to bother you with another question concerning Windows Eventlog forwarding to graylog. Unfortunately I'm not able to figure this out on my own.

Used versions:
nxlog 2.10.2102 (running on Windows Server 2016)
graylog 2.4.6 (running on Debian 9)

I have two nxlog setups. One using syslog and another one using GELF. Both do not work as I would expect.

1. Syslog

Asked September 25, 2018 - 12:52pm