Syslog forwarding, bogus IP address

We are in the process of ditching SolarWinds Kiwi Syslog because it's not performing, and is unstable after every .NET update. We mostly use syslog as a proxy between the customer network and our own datacenter where the SIEM is located.

One of the things we heavily use is a filter like log received from

host x.x.x.x message text contains " modsecurity "

Asked May 6, 2020 - 1:19pm

Memory issues on NXLog

We have an application that does some multiple updates every morning between 6am and 7am. During this time, it generates massive amounts of log entries.
This in turn causes the box to run out of memory, triggering Linux's OOM daemon. Running the NxLog-ce.

I have added

PersistLogqueue TRUE
SyncLogqueue TRUE
CacheFlushInterval always
CacheSync TRUE

Asked May 5, 2020 - 2:07am

Accessing nested JSON values in the config

Can't find this in the documentation and it seems like it should be fairly obvious, so apologies if this is a dumb question. Given the below JSON, if I perform parse_json($raw_event) with Flatten set to the default value of FALSE, how do I access the $header.time_seconds_epoch value, or any other nested value within the config? If Flatten is set to TRUE, then $header.time_seconds_epoch has the expected value in it, but with it set to FALSE, $header.time_seconds_epoch is NULL.

Asked May 4, 2020 - 4:23pm

NXLog language selection error?

I have a scenario where NXLog (CE) collects log events on Windows Server 2012R2 using im_msvistalog and sends messages to a syslog server. The system has a rather unconventional language and locale setting: the location and locale are German (Germany), but the language preference is set to English (US). All software installed / running generates GUI and messages in English, as expected.

Asked May 4, 2020 - 3:04pm