We are in the process of ditching solarwinds kiwi syslog because its not performing, and is instable after every .net update. We mostly use syslog as an proxy between the customer network and our own datacenter where the siem is located.
One of the things we heavely use is an filter like log received from
host x.x.x.x message text contains " modsecurity "
I am trying to run a script every time an error is found in logs
We have an application that does some multiple updates every morning between 6am and 7am. During this time, it generates massive amounts of log entries.
This in turn causes the box to run out of memory, triggering Linux's OOM daemon. Running the NxLog-ce.
I have added
PersistLogqueue TRUE
SyncLogqueue TRUE
CacheFlushInterval always
CacheSync TRUE
Can't find this in the documentation and it seems like it should be fairly obvious, so apologies if this is a dumb question. Given the below JSON, if I perform parse_json($raw_event) with Flatten set to the default value of FALSE, how do I access the $header.time_seconds_epoch value, or any other nested value within the config? If Flatten is set to TRUE, then $header.time_seconds_epoch has the expected value in it, but with it set to FALSE, $header.time_seconds_epoch is NULL.
I have a scenario, where NXLog (CE) collects log events on Windows Server 2012R2 using im_msvistalog and sends messages to a syslog server. The system has a rather unconventional language and locale setting: The location and locale are german (germany), but the language preference is set to English (US). All software installed / running generates GUI and messages in english, as expected.
