Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.

Load Balanced Output Config
Trying to configure the NXLog forwarder to load balance it's output stream. I tried creating 2 output stanzas out1 and out2 with the appropriate IPs and then routed as Path   eventlog => out1, out2. This seemed to clone the output stream as logs were going to both receivers. What would be the proper way to tell NXLog to use one IP if available, else another IP?

FormerSplunk created
Replies: 1
View post »
last updated
Routing messages based on type and source in a client server configuration
Currently process and transform the windows event/iis logs on the client, however as I have more servers I am wondering about routing everything to a central point using the binary format and then processing them into the relevant tables in to a mysql db. I am struggling with at which stage this filtering and tansforming is done and what the route should look like. Do I use the patern filter in a process stage and then use and if statement in the route based on the patern id? Clients im_msvistalog => om_tcp (binary) w3c extension(im_file) => om_tcp (binary) Server im_tcp => ?????????? => ?????? (om_dbi but based on source message type evntlog table |syslog table |iis log table|apache log table|security log table) Can you point me in the right direction?

imperimus created
Replies: 1
View post »
last updated
xm_perl.dll is not present in extension directory
I am trying to use the perl extension in Windows, but nxlog complains that it cannot find the xm_perl.dll. The complaint is correct, the file is not there. My question is why? Does the windows version not support using perl?

MagnusBjarnlid created
Replies: 1
View post »
last updated
Windows Nxlog creating multiple dyn$ folders
Hi,  I really would like some assistance in the forum -  Here is the scenario: Installed nxlog.c.e in Windows 2008 R2 Used the query list -to get security logs Added that in the module - started the server - everything is fine. I tested this in my Windows mahcine - to my Redhat server. Works. The issue happens when the Windows machine is registered to the domain. Once the service is started in windows, the syslog server creates host folders which include the Windows client name  as well as a bunch of other stuff. Such as Authlite, Process, 0 00 1  etc etc.. list goes on. Has anyone encountered this issue?  Kindly advise.   Additional information:  This issue only occurs with windows client - registered in the domain.      When the nxlog forwards information to my rsyslog server - (which uses the template dyn$ to create host folders)  I get folders with 0 00 Authlite ... etc etc.  Is there anyway to stop this of fix it.  Again it only happens with Windows client registered in the domain.  

lucaspro created
Replies: 1
View post »
last updated
Upgrade to 2.8 on Debian Wheezy
I am unable to find the dependencies for wheezy. apt-get -f install simply removes nxlog. My version of debian is : Linux chis-logcollector 2.6.32-5-amd64 #1 SMP Sun Sep 23 10:07:46 UTC 2012 x86_64 GNU/Linux Install pkg: nxlog-ce_2.8.1248_amd64.debian-wheezy.deb Is there a plan to include dependencies as this is a rather flaky way of installation? Thanks Ash Kumar

akumar created
Replies: 1
View post »
last updated
Issue with nxlog Windows service
Hello, It seems that there is some kind of conflict or bug in nxlog-ce-2.8.1248 (I'm not sure about earlier versions) where, upon boot, nxlog gets stuck in a loop initiating connections to a remote machine (Logstash in my case using om_tcp). I only became aware of this after installing nxlog on server that had the group policy "Audit Filtering Platform Connection" enabled on successful connections; this actually generated so many events that it filled up my elasticsearch cluster (I've attached a sample of the event the filled the cluster). The issue doesn't happen when nxlog service is configured for "Automatic (Delayed Start)". I hope this helps. Thanks

dev667 created
Replies: 4
View post »
last updated