Vulnerability scanner has discovered a number of vulnerabilities (CVE-2022-4450, CVE-2023-0215, CVE-2023-4807) related to “OpenSSL, version 1.1.1q” in NXLog libraries "libcrypto-1_1-x64.dll" and "libssl-1_1-x64.dll:If we are using the following modules: im_msvistalog, im_file, om_tcp;and we are NOT using the following modules: im_ssl, om_ssl;would simply deleting the following files from the system: “C:\ProgramFiles\nxlog\libcrypto-1_1-x64.dll”, “C:\ProgramFiles\nxlog\libssl-1_1-x64.dll” (which solves the problem with the vulnerability scanner alerts) affect functionality of NXLog?

Hello,I'm using an older version of the NXLog agent (ce-2.0.1716) on Windows Server 2016, and I want to import only EventLogs that correspond to a severity level between 1 and 3 but I really have no idea how to do it. Despite my research and testing, nothing seems to work.Below, you can see the original “nxlog.conf” configuration file for my DC server:define ROOT C:\Program Files\nxlog define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Extension _syslog> Module xm_syslog </Extension> <Input in> Module im_msvistalog #011Information Exec if ($Severity == 'INFO' and $SourceName == 'CxAudioSvcSource') drop(); Exec if ($Severity == 'INFO' and ($EventId == 0)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 1001)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 107)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 112)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 129)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 146)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 1)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 2000)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 2002)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 200)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 201)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 2024)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 20)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 2415)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 3)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 4006)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 4007)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 4017)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 4126)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 4257)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 4326)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5017)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 505)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5126)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5257)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5308)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5309)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5310)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5311)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5312)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5313)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5314)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5315)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5320)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5326)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5327)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 5340)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 600)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 6115)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 62170)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 62171)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 7036)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 8006)) drop(); Exec if ($Severity == 'INFO' and ($EventId == 8007)) drop(); #011Warning Exec if ($Severity == 'WARNING' and ($EventId == 200)) drop(); Exec if ($Severity == 'WARNING' and ($EventId == 202)) drop(); Exec if ($Severity == 'WARNING' and ($EventId == 61)) drop(); Exec if ($Severity == 'WARNING' and ($EventId == 1112)) drop(); Exec if ($Severity == 'WARNING' and ($EventId == 1002)) drop(); #011Success Exec if ($Severity == 'SUCCESS' and ($EventId == 4672)) drop(); Exec if ($Severity == 'SUCCESS' and ($EventId == 4799)) drop(); #011Error Exec if ($Severity == 'ERROR' and ($EventId == 2028)) drop(); Exec if ($Severity == 'ERROR' and ($EventId == 6113)) drop(); </Input> <Output out> Module om_tcp Host supervision Port 514 Exec to_syslog_snare(); </Output> <Route 1> Path in => out </Route>Below, you can see my new “nxlog.conf” configuration file for my DC server:define ROOT C:\Program Files\nxlog define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Extension _syslog> Module xm_syslog </Extension> <Input in> Module im_msvistalog <QueryXML> <QueryList> <Query Id='0' Path='Application'> <Select Path='Application'>[System[(Level=1 or Level=2 or Level=3)]]</Select> <Select Path='Security'>[System[(Level=1 or Level=2 or Level=3)]]</Select> <Select Path='Setup'>[System[(Level=1 or Level=2 or Level=3)]]</Select> <Select Path='System'>[System[(Level=1 or Level=2 or Level=3)]]</Select> </Query> </QueryList> </QueryXML> </Input> <Output out> Module om_tcp Host supervision Port 514 Exec to_syslog_snare(); </Output> <Route 1> Path in => out </Route>Below, you can see an extract of the log file for the NXLog agent for my DC server:2023-12-11 13:42:40 INFO nxlog-ce-2.9.1716 started 2023-12-11 13:42:40 INFO connecting to supervision:514 2023-12-11 14:00:21 WARNING stopping nxlog service 2023-12-11 14:00:21 WARNING nxlog-ce received a termination request signal, exiting... 2023-12-11 14:00:23 INFO nxlog-ce-2.9.1716 started 2023-12-11 14:00:25 INFO connecting to supervision:514 2023-12-11 14:00:49 WARNING stopping nxlog service 2023-12-11 14:00:49 WARNING nxlog-ce received a termination request signal, exiting... 2023-12-11 14:00:50 INFO nxlog-ce-2.9.1716 started 2023-12-11 14:00:50 INFO connecting to supervision:514 2023-12-11 14:05:41 WARNING stopping nxlog service 2023-12-11 14:05:41 WARNING nxlog-ce received a termination request signal, exiting... 2023-12-11 14:05:43 INFO nxlog-ce-2.9.1716 started 2023-12-11 14:05:45 INFO connecting to supervision:514 2023-12-11 14:14:38 WARNING stopping nxlog service 2023-12-11 14:00:21 WARNING nxlog-ce received a termination request signal, exiting... 2023-12-11 14:16:24 INFO nxlog-ce-2.9.1716 started 2023-12-11 14:16:27 INFO connecting to supervision:514 2023-12-11 14:19:51 WARNING stopping nxlog service 2023-12-11 14:19:52 WARNING nxlog-ce received a termination request signal, exiting... 2023-12-11 14:19:53 INFO nxlog-ce-2.9.1716 started 2023-12-11 14:19:53 INFO connecting to supervision:514 2023-12-11 14:21:53 WARNING stopping nxlog service 2023-12-11 14:21:53 WARNING nxlog-ce received a termination request signal, exiting... 2023-12-11 14:21:54 INFO nxlog-ce-2.9.1716 started 2023-12-11 14:21:54 INFO connecting to supervision:514I also tried options such as:Exec if ($Severity == 'INFO') drop();And I tried by modifying th “input” field with different values below, but nothing seems to work.<Select Path='Application'>[System/Level<3]</Select> <Select Path='Security'>[System/Level<3]</Select> <Select Path='System'>[System/Level<3]</Select><Select Path='Application'>[System[Level=3]]</Select> <Select Path='System'>[System[Level=3]]</Select> <Select Path='Security'>[System[Level=3]]</Select><Select Path='Application'>[System[(Level=1 or Level=2 or Level=3)]]</Select> <Select Path='System'>[System[(Level=1 or Level=2 or Level=3)]]</Select> <Select Path='Security'>*[System[(Level=1 or Level=2 or Level=3)]]</Select>Unfortunaltely, I'm far from being a specialist in log processing and management, so if you you had an idea to suggest to help mesolve my problem, I would be very gratful.Thank you in advance,Arn_no

Got this error while trying to forward windows 11 event logs to SIEM:ERROR failed to subscribe to msvistalog events,the channel was not found [error code: 15007]; The specified channel could not be found.my  nxlog config is heredefine ROOT C:\Program Files\nxlog #define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Extension json> Module xm_json </Extension> <Extension fileop> Module xm_fileop </Extension> Nxlog internal logs <Input internal> Module im_internal Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json(); </Input> Win Event Log - Security <Input inSecurityEvent> Module im_msvistalog Query <QueryList> <Query Id=""><Select Path="Security">*</Select></Query></QueryList> Exec $Message = to_json(); </Input> <Output outSecurityEvent> Module om_tcp Host X.X.X.X Port 5060 Exec $EventTime = strftime($EventTime, '%Y-%m-%dT%H:%M:%SZ'); to_json(); Exec to_json(); Exec file_write("C:\Program Files\nxlog\data\SecurityEvents_output.log", $raw_event); </Output> <Route 1> Path inSecurityEvent => outSecurityEvent </Route>This works fine on other version of windows. the problem is windows 11

Hi.. anybody can clarify if om_azuremonitor work in air gap environment  Thx for your inputs

I have enabled the im_systemd module now included in the community version and i have noticed that every time the nxlog service is started, a huge amount of data is sent. I have configured an output to log these data in file and i get 20M of data every at each restart. Has anyone ever encountered this behaviour ?

The objective is to configure the Nxlog to send logs to Sentinel LAW. The output module used is om_azuremonitor. The DCE URI directive depends on DNS resolution to resolve the url to ip. We added entry in the local /etc/hosts filleBut nslookup on the URI fails.Any inputs how the DNS can be resolved.There is no specific DNS server configured

Hi,I have the configuration below in which I would like to collect data from “Security" and from ”ForwardedEvents".I would like the data from the Security to be with specific values (e.g. $TaskValue, $Version) while ForwardedEvents ignore them. How can I configure it?

Hi! Can somebody help me with how DNS resolution works in Nxlog configuration?Thx !

Hey i try to send logs in TCP from nxlog instance to another to make kind of a proxy so i can set the parse of logs from one place and easier time to configure TLS rather than in my syslog server. But i receive a “end of file” error when the tcp connection is trying to be made between the 2 nxlog-ce instances. So i think i might using the nxlog-ce in a way its not designed to, am i right? Thank you.

Hello everyone,I need your help with my issue.I use the CE version and restarting the nxlog service, I receive errors loading the xm_resolver.dll & xm_admin.dll modules in the log file. After checking, I noticed that these DLLs are not present on my machine.2023-12-27 17:48:27 ERROR Failed to load module from C:\Program Files\nxlog\modules\extension\xm_resolver.dll, The specified module could not be found. ; 2023-12-27 17:48:27 ERROR Failed to load module from C:\Program Files\nxlog\modules\extension\xm_admin.dll, The specified module could not be found. ; Do you have any idea on how to solve this issue and how can I get these DLLs?Thanks in advance,

Hi, I am unable to run your basic example “Sending emails with Python”  because nxlog is unable to load the required module.Reducing the code to a minimal set, I found that nxlog is unable to load some basic Python modules that come bundled with the Python installation.Following are some modules that nxlog is unable to load:smtplibsocketsslemail.mime.textwindows_tools.users (after installing with "pip install windows_tools.users")Same file modified to be executed directly from python.exe in same machine, runs correctlynxlog.conf:Panic Soft #NoFreeOnExit TRUE define ROOT C:\Program Files\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf\nxlog.d define LOGDIR %ROOT%\data include %CONFDIR%\*.conf define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data <Extension python> Module xm_python PythonCode 'c:\Program Files\nxlog\modules\extension\python\py\send_email.py' </Extension> <Input in> Module im_null </Input> <Output out> Module om_null </Output> <Processor myprocessor> Module pm_null <Exec> python_call('main'); </Exec> </Processor> <Route myroute> Path in => myprocessor => out </Route>send_email.py:import smtplib #import socket #import ssl #import email.mime.text pip install windows_tools.users #import windows_tools.users as users import json import nxlog #def main(): def main(event): # Body that does nothing print("Hello from Main()")nxlog.log:2023-12-28 11:45:26 ERROR Python ERROR: ImportError('DLL load failed while importing _socket: Impossibile trovare il modulo specificato.') 2023-12-28 11:45:26 ERROR #0 in <module> (...) at: C:\Program Files\Python310\Lib\socket.py:51; 2023-12-28 11:45:26 ERROR #1 in _call_with_frames_removed (...) at: <frozen importlib._bootstrap>:241; 2023-12-28 11:45:26 ERROR #2 in exec_module (...) at: <frozen importlib._bootstrap_external>:882; 2023-12-28 11:45:26 ERROR #3 in _load_unlocked (...) at: <frozen importlib._bootstrap>:685; 2023-12-28 11:45:26 ERROR #4 in _find_and_load_unlocked (...) at: <frozen importlib._bootstrap>:999; 2023-12-28 11:45:26 ERROR #5 in _find_and_load (...) at: <frozen importlib._bootstrap>:1025; 2023-12-28 11:45:26 ERROR #6 in <module> (...) at: C:\Program Files\Python310\Lib\smtplib.py:44; 2023-12-28 11:45:26 ERROR #7 in _call_with_frames_removed (...) at: <frozen importlib._bootstrap>:241; 2023-12-28 11:45:26 ERROR #8 in exec_module (...) at: <frozen importlib._bootstrap_external>:882; 2023-12-28 11:45:26 ERROR #9 in _load_unlocked (...) at: <frozen importlib._bootstrap>:685; 2023-12-28 11:45:26 ERROR #10 in _find_and_load_unlocked (...) at: <frozen importlib._bootstrap>:999; 2023-12-28 11:45:26 ERROR #11 in _find_and_load (...) at: <frozen importlib._bootstrap>:1025; 2023-12-28 11:45:26 ERROR #12 in <module> (...) at: C:\Program Files\nxlog\modules\extension\python\py\send_email.py:1; 2023-12-28 11:45:26 ERROR #13 in _call_with_frames_removed (...) at: <frozen importlib._bootstrap>:241; 2023-12-28 11:45:26 ERROR #14 in exec_module (...) at: <frozen importlib._bootstrap_external>:882; 2023-12-28 11:45:26 ERROR #15 in _load_unlocked (...) at: <frozen importlib._bootstrap>:685; 2023-12-28 11:45:26 ERROR #16 in _find_and_load_unlocked (...) at: <frozen importlib._bootstrap>:999; 2023-12-28 11:45:26 ERROR #17 in _find_and_load (...) at: <frozen importlib._bootstrap>:1025; 2023-12-28 11:45:26 ERROR Couldn't import python module 'send_email' 2023-12-28 11:45:26 INFO nxlog-ce-3.2.2329 started 2023-12-28 11:45:26 ERROR ### ASSERTION FAILED at line 503 in libnxpython.c/nx_python_init(): "conf->thread_state_key == NULL" ###The environment is:Windows Server 2022nxlog-ce-3.2.2329python-3.10.8-amd64.exe 

Hi Support,I would like to inquire whether NXLog supports tamper-proofing for syslog received and stored in the NXLog Relay Server.Thank you.Regards,Billy

I had to restart the VM running our NXLog Manager (CentOS7).Now I'm getting the following message when attempting to access our NXLog Manager URL: HTTP ERROR 500Problem accessing /nxlog-manager/login.html. Reason: Server Error Caused by:org.apache.tiles.request.render.CannotRenderException: ServletException including path '/WEB-INF/layouts/default.jsp'.

Hello :) I have a friend that is asking why he cant find nxlog on his pc under installed applications, When I run the .msi file I can find it easily. Did his previous security officer install it a different way? (On Windows) Also how can I see what version of nxlog is currently running? (On Windows) Thanks

Purpose: To add geographical information (geoip) with the logs.Problem: I am trying to add geoip in the logs coming from linux and windows hosts. For that I have gone through https://docs.nxlog.co/ce/current/index.html#xm_perl. In both (windows and linux hosts). i am not able to run nxlog, after modifying the nxlog config according to the given link.Windows-11: First, I have installed perl-5.28.2.1, after that i have modified the config. When i am trying to restart nxlog service, It is showing the following error in log file:2023-12-04 07:09:22 ERROR Failed to load module from C:\Program Files\nxlog\modules\extension\xm_perl.dll, The specified module could not be found. ; The specified module could not be found. 2023-12-04 07:09:22 ERROR Couldn't parse Exec block at C:\Program Files\nxlog\conf\nxlog.conf:62; couldn't parse statement at line 65, character 0 in C:\Program Files\nxlog\conf\nxlog.conf; function 'perl_call()' does not exist or takes different arguments 2023-12-04 07:09:22 ERROR module 'sys_in' has configuration errors, not adding to route '1' at C:\Program Files\nxlog\conf\nxlog.conf:81 2023-12-04 07:09:22 ERROR route 1 is not functional without input modules, ignored at C:\Program Files\nxlog\conf\nxlog.conf:81 2023-12-04 07:09:22 WARNING no routes defined! 2023-12-04 07:09:22 WARNING not starting unused module sys_in 2023-12-04 07:09:22 WARNING not starting unused module sys_outconfig is as follows:Panic Soft #NoFreeOnExit TRUE define ROOT C:\Program Files\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf\nxlog.d define LOGDIR %ROOT%\data include %CONFDIR%\\*.conf define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data <Extension _syslog> Module xm_syslog </Extension> <Extension _json> Module xm_json </Extension> <Extension _charconv> Module xm_charconv AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32 </Extension> <Extension _exec> Module xm_exec </Extension> <Extension perl> Module xm_perl PerlCode C:\Program Files\nxlog\modules\extension\perl\processlogs.pl </Extension> <Extension _fileop> Module xm_fileop # Check the size of our log file hourly, rotate if larger than 5MB <Schedule> Every 1 hour Exec if (file_exists('%LOGFILE%') and \ (file_size('%LOGFILE%') >= 5M)) \ file_cycle('%LOGFILE%', 8); </Schedule> # Rotate our log file every week on Sunday at midnight <Schedule> When @weekly Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8); </Schedule> </Extension> Sending the system logs over tcp <Input sys_in> Module im_msvistalog <Exec> $raw_event = "windows " + to_json(); perl_call("process") </Exec> </Input> #setting the output to rsyslog server <Output sys_out> Module om_tcp Host <ip-address of rsyslog server> Port 514 # First we parse the input natively from nxlog Exec parse_syslog_bsd(); # Now call the 'process' subroutine defined in 'processlogs.pl' Exec to_json(); </Output> <Route 1> Path sys_in => sys_out </Route>Linux-Ubuntu(22.04): I have not installed perl as it is already installed. So i modified the config, and restarted the nxlog service, but in the logs it is showing as:2023-12-04 14:41:52 ERROR the perl interpreter failed to parse /etc/nxlog/processlogs.pl 2023-12-04 14:41:52 INFO nxlog-ce-3.2.2329 started 2023-12-04 14:41:52 INFO connecting to <ip-address of rsyslog server>:514 2023-12-04 14:41:52 ERROR the perl interpreter failed to parse /etc/nxlog/processlogs.plConfig is as follows:## This is a sample configuration file. See the nxlog reference manual about the configuration options. It should be installed locally under /usr/share/doc/nxlog-ce/ and is also available online at http://nxlog.org/docs ######################################## Global directives ######################################## User nxlog Group nxlog include /etc/nxlog/nxlog.d/*.conf LogFile /var/log/nxlog/nxlog.log LogLevel INFO ######################################## Modules ######################################## <Extension _syslog> Module xm_syslog </Extension> <Extension perl> Module xm_perl PerlCode /etc/nxlog/processlogs.pl </Extension> <Input in1> Module im_file File "/var/log/auth.log" <Exec> $raw_event = " ankurlapauthlogs " + $raw_event; </Exec> </Input> <Output fileout1> Module om_tcp Host <ip-address of rsyslog server> Port 514 Exec perl_call("process"); Exec to_syslog_bsd(); </Output> ######################################## Routes ######################################## <Route 1> Path in1 => fileout1 </Route>P.S. i am using the same processlogs.pl file as given in the refrence manual.

Hi, Have just installed NXLog Enterprise Trial - however I cannot start the service - getting error message : nxlog[1711122]: 2022-01-20 09:19:34 ERROR [CORE|main] This NXLog version has expired. Any idea how the trial license is applied? Any assistance would be greatly appreciated. Kind regards, Liam

I'm using NX log enterprise to collect Sysmon logs.I have a problem with EventID 12 , In the original (Windows view ) the event type is set to EventType: CreateKeyAs part of the NXlog output, in the Metadata the Event type is set to INFO and only in the msg field i can see the EventType: CreateKey  Please advice 

Good Afternoon Team.I have a nxlog service running on a windows server. It has input rule to collect syslog from several devices like this: <Input syslog514udp>Module im_udpPort 514Host 0.0.0.0<Exec> $raw_event =~ s/\r?\n/#012/g; parse_syslog_bsd();</Exec> </Input>  I am trying to forward the syslog of one specific device (10.10.10.10) to a public IP 190.20.30.40, but the filter is not working since nxlog is forwarding everything, configuration bellow: <Output OutNetomi>Exec if ($MessageSourceAddress == ‘10.10.10.10’) drop();Module  om_udpHost    190.20.30.40Port    514</Output> Do you know where the error is? Thank you.Diego.

When I start NXlog CE, I get a socket error when tryin gto connect to  the remote Graylog servernxlog.conf...######################################### Global directives                    #########################################User nxlogGroup nxloginclude /etc/nxlog/nxlog.d/*.confLogFile /var/log/nxlog/nxlog.logLogLevel INFO######################################### Modules                              ##########################################<Extension _syslog>#    Module      xm_syslog#</Extension><Extension json>   Module         xm_json</Extension><Extension syslog>   Module         xm_syslog</Extension><Input in1>   Module      im_udp    Port        1514   Exec        parse_syslog_bsd();</Input><Input in2>   Module      im_tcp   Port        1514</Input><Input kernel>   Module         im_kernel   Exec           parse_syslog_bsd();</Input><Input systemd>   Module         im_systemd</Input><Input devlog>   Module         im_uds   UDS            /dev/log   FlowControl    FALSE   Exec           $raw_event =~ s/\s+$//;   Exec           parse_syslog_bsd();</Input><Output fileout1>   Module      om_file   File        "/var/log/nxlog/logmsg.txt"   Exec        if $Message =~ /error/ $SeverityValue = syslog_severity_value("error");   Exec        to_syslog_bsd();</Output><Output fileout2>   Module      om_file   File        "/var/log/nxlog/logmsg2.txt"</Output><Output out>   Module         om_tcp   Host           192.79.220.162:1514   Exec           $Message = to_json(); to_syslog_bsd();</Output>######################################### Routes                               #########################################<Route 1>   Path        in1 => fileout1</Route><Route tcproute>   Path        in2 => fileout2</Route><Route r>    Path           kernel, systemd, devlog => out</Route>...nxlog.log...2023-10-27 09:56:23 WARNING nxlog-ce received a termination request signal, exiting...2023-10-27 09:56:24 ERROR Couldn't get systemd cursor;Cannot assign requested address2023-10-27 09:56:24 ERROR Couldn't remove pidfile /run/nxlog/nxlog.pid: Permission denied2023-10-27 09:56:25 INFO configuration OK2023-10-27 09:56:25 INFO nxlog-ce-3.2.2329 started2023-10-27 09:56:25 ERROR couldn't bind socket /dev/log;Address already in use2023-10-27 09:56:25 INFO reconnecting in 1 seconds2023-10-27 09:56:25 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:56:26 INFO reconnecting in 2 seconds2023-10-27 09:56:26 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:56:28 INFO reconnecting in 4 seconds2023-10-27 09:56:28 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:56:32 INFO reconnecting in 8 seconds2023-10-27 09:56:32 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:56:40 INFO reconnecting in 16 seconds2023-10-27 09:56:40 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:56:56 INFO reconnecting in 32 seconds2023-10-27 09:56:56 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:57:28 INFO reconnecting in 64 seconds2023-10-27 09:57:28 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known...    environment description...nxlog-ce is running on Oracle Linux Server version 8.8Package version is -3.2.2329-1.x86_64 ...relevant details...This is a new installation. The Graylog server is not receiving any logs from this machineThis problem does not involve parsing data.The problems is that the port I identified in the nxlog.conf file "1514" is being appended by "514" so the socket connection fails to the remote server. If I remove 1514 from the nxlog.conf file, the system still tries to connect at port 514 and gets denied errors since Graylog is seutp to listen on 1514...

I installed nxlog with the config below, but the logs I receive with my SysLogServer are not in UTF8 ?The Windowssystem is a german Windows 11, on this machine nxlog ist installed and running. Here is a sample output on the syslog server ( KiwiSyslog ) :10-31-2023 15:37:05 User.Info 192.168.75.20 Oct 31 15:37:04 PC-01 MSWinEventLog   1   Microsoft-Windows-PushNotification-Platform/Operational   1469   Tue Oct 31 15:37:04 2023   1025   Microsoft-Windows-PushNotifications-Platform   SYSTEM   User   Information   PC-01   N/A      Ein Stromversorgungsereignis wurde ausgel”st: MonitorSettingChange [PowerEventType] true [Enabled]   1846You can see that there are the german Umlaut are not displayed, ‘ausgel”st:’ have to diplay as 'ausgelöst:' Hope someone can help me.here is the nxlog.log:Panic Soft#NoFreeOnExit TRUEdefine ROOT     C:\Program Files\nxlogdefine CERTDIR  %ROOT%\certdefine CONFDIR  %ROOT%\conf\nxlog.ddefine LOGDIR   %ROOT%\datainclude %CONFDIR%\\*.confdefine LOGFILE  %LOGDIR%\nxlog.logLogFile %LOGFILE%Moduledir %ROOT%\modulesCacheDir  %ROOT%\dataPidfile   %ROOT%\data\nxlog.pidSpoolDir  %ROOT%\data<Extension _syslog>   Module      xm_syslog</Extension><Extension _charconv>   Module      xm_charconv   AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32</Extension><Extension _exec>   Module      xm_exec</Extension><Extension _fileop>   Module      xm_fileop   # Check the size of our log file hourly, rotate if larger than 5MB   <Schedule>       Every   1 hour       Exec    if (file_exists('%LOGFILE%') and \                  (file_size('%LOGFILE%') >= 5M)) \                   file_cycle('%LOGFILE%', 8);   </Schedule>   # Rotate our log file every week on Sunday at midnight   <Schedule>       When    @weekly       Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);   </Schedule></Extension># Snare compatible example configuration# Collecting event log<Input in>   Module      im_msvistalog</Input># # Converting events to Snare format and sending them out over TCP syslog<Output out>   Module      om_tcp   Host        192.168.75.20   Port        514   Exec        to_syslog_snare();</Output># # Connect input 'in' to output 'out'<Route 1>   Path        in => out</Route>