Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.

Anyone using NXLog to send Windows Events to Azure's Log Analytics

Is anyone using NXLog to send Windows Events to Azure's Log Analytics, replacing Microsoft's OMS\MMA agent? The MS MMA agent is very limited in its outbound filtering, so NXLog is being considered. If someone has been successful doing this, an example of the config file would be awesome. Thanks.


slaterun1234 created
Replies: 1
Azure Sentinel Add-On

Is there any roadmap to create a specific Add-On for Azure Sentinel? It looks like a great fit, since they are recommending Logstash and fluentd, and those are not the easiest items to manage at scale.


rp25818 created
Replies: 1
ERROR apr_file_write failed in om_exec on windows os when try to send logs to Azure Log Analytics
Hello, I'm trying to configure NXLog CE (installed on Windows Server 2012 R2) to collect syslog (from a Cisco ASA), save it to a file and send it to Azure Log Analytics (aka Microsoft OMS). As a first step I try to collect syslog, convert it to JSON and save it to a file. It works well. Next I installed the latest Python (3.8) and checked that all libs are installed. After that I changed nxlog.conf according to the manual (https://nxlog.co/documentation/nxlog-user-guide/azure-oms.html#forwarding-data-to-log-analytics). But NXLog gives me the following error: `ERROR apr_file_write failed in om_exec; The pipe is being closed.` How can I fix this error?

My nxlog.conf:

    Panic Soft
    #NoFreeOnExit TRUE

    define ROOT C:\Program Files (x86)\nxlog
    define CERTDIR %ROOT%\cert
    define CONFDIR %ROOT%\conf
    define LOGDIR %ROOT%\data
    define LOGFILE %LOGDIR%\nxlog.log
    define JSONLOGFILE C:\Program Files (x86)\nxlog\data\json.txt

    LogFile %LOGFILE%
    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data

    # Block names are not preserved in the post as quoted; the Extension and
    # Route names below are assumed, while udp, file and azure_oms are taken
    # from the Route Path.
    <Extension _syslog>
        Module xm_syslog
    </Extension>

    <Extension _charconv>
        Module xm_charconv
        AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
    </Extension>

    <Extension _exec>
        Module xm_exec
    </Extension>

    <Extension _fileop>
        Module xm_fileop

        # Check the size of our log file hourly, rotate if larger than 5MB
        <Schedule>
            Every 1 hour
            Exec if (file_exists('%LOGFILE%') and \
                     (file_size('%LOGFILE%') >= 5M)) \
                    file_cycle('%LOGFILE%', 8);
        </Schedule>

        # Rotate our log file every week on Sunday at midnight
        <Schedule>
            When @weekly
            Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
        </Schedule>
    </Extension>

    <Extension _json>
        Module xm_json
    </Extension>

    <Input udp>
        Module im_udp
        Port 514
        Host 192.168.1.2
        Exec parse_syslog(); to_json();
    </Input>

    <Output file>
        Module om_file
        File '%JSONLOGFILE%'
    </Output>

    <Output azure_oms>
        Module om_exec
        Command "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Launcher\\py.exe"
        Arg "C:\Program Files (x86)\nxlog\oms-pipe.py"
    </Output>

    <Route r>
        Path udp => file, azure_oms
    </Route>

My configuration differs from the example in the manual in the "Output azure_oms" part. If I use this part as in the manual:

    <Output azure_oms>
        Module om_exec
        Command oms-pipe.py
        Exec to_json();
    </Output>

an error appears: `ERROR couldn't execute process oms-pipe.py; The system cannot find the file specified.` Please help me fix this error.

Anton.I created
Replies: 1
NXLog as a collector for Azure App Service Logs for SIEMS

Hi all,

I am new here, so hello.

I am trying to work out a solution to collect IIS Access Log data from Azure App Services and then forward it to a SIEM such as Splunk, Loggly or ElasticSearch for security analysis, anomaly identification and alerting.

As far as I can see, NXLog may provide the link between the Azure Access Logs and my chosen SIEM. Am I right? I would prefer not to get into rewriting code, hence my interest in NXLog. In addition, NXLog appears to be widely supported by SIEM tools.

With regard to implementation, would I be correct in thinking that one needs to set up a Linux or Windows VM on Azure with NXLog running on it? I am trying to avoid on-prem installs.

In conclusion, I would welcome your advice on how I could use NXLog as a simple collector and forwarder of Access data. One final word, the Access Logs are currently stored in Azure Storage Blobs, although I could go back to storing them in the File System.

Thanks.


EdB created
Replies: 2