Anyone using NXLog to send Windows Events to Azure's Log Analytics
slaterun1234 created
Is anyone using NXLog to send Windows Events to Azure's Log Analytics, replacing Microsoft's OMS\MMA agent?
The MS MMA agent is very limited in its outbound filtering, so NXLog is being considered.
If someone has been successful doing this, an example of the config file would be awesome.
Thanks.
Azure Sentinel Add-On
rp25818 created
Is there any roadmap to create a specific Add-On for Azure Sentinel? It looks like a great fit, since they are recommending Logstash and fluentd, and those are not the easiest items to manage at scale.
ERROR apr_file_write failed in om_exec on Windows OS when trying to send logs to Azure Log Analytics
Anton.I created
Hello,
I'm trying to configure NXLog CE (installed on Windows Server 2012 R2) to collect syslog (from a Cisco ASA), save it to a file and send it to Azure Log Analytics (aka Microsoft OMS). As a first step I tried to collect syslog, convert it to JSON and save it to a file. That works well. Next I installed the latest Python (3.8) and checked that all libs are installed. After that I changed nxlog.conf according to the manual (https://nxlog.co/documentation/nxlog-user-guide/azure-oms.html#forwarding-data-to-log-analytics).
But NXLog gives me the following error:
ERROR apr_file_write failed in om_exec; The pipe is being closed.
How can I fix this error?
My nxlog.conf:
Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
define JSONLOGFILE C:\Program Files (x86)\nxlog\data\json.txt

LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension _syslog>
    Module xm_syslog
</Extension>

<Extension _charconv>
    Module xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension _exec>
    Module xm_exec
</Extension>

<Extension _fileop>
    Module xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
        Every 1 hour
        Exec if (file_exists('%LOGFILE%') and \
                 (file_size('%LOGFILE%') >= 5M)) \
                file_cycle('%LOGFILE%', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        When @weekly
        Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
</Extension>

<Extension json>
    Module xm_json
</Extension>

<Input udp>
    Module im_udp
    Port 514
    Host 192.168.1.2
    # Parse the syslog header into fields, then rewrite $raw_event as one JSON object
    Exec parse_syslog(); to_json();
</Input>

<Output file>
    Module om_file
    File '%JSONLOGFILE%'
</Output>

<Output azure_oms>
    Module om_exec
    # Single-quoted strings are taken literally. In a double-quoted string NXLog
    # interprets backslash escapes, so "...\nxlog\oms-pipe.py" would contain a
    # newline where "\n" is, and the launcher would be given a broken script path.
    Command 'C:\Users\user\AppData\Local\Programs\Python\Launcher\py.exe'
    Arg 'C:\Program Files (x86)\nxlog\oms-pipe.py'
</Output>

<Route udp_to_file_and_oms>
    Path udp => file, azure_oms
</Route>
My configuration is different from the example in manual in the "Output azure_oms" part. If use this part as in the manual an error appears:
<Output azure_oms>
    Module om_exec
    Command oms-pipe.py
    Exec to_json();
</Output>
Error:
ERROR couldn't execute process oms-pipe.py; The system cannot find the file specified.
Please help me fix this error.
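An added example, not the oms-pipe.py from the NXLog manual and not NXLog's own code, of what the script behind om_exec has to do: read the JSON records NXLog writes to its stdin, batch them under the Data Collector API's 30 MB per-request limit, sign each POST with the workspace key (HMAC-SHA256 over the method, body length, content type, x-ms-date header and resource, sent as a "SharedKey" Authorization header) and keep running for as long as NXLog keeps the pipe open. Assumptions: the workspace ID and primary key come from the OMS_WORKSPACE_ID and OMS_SHARED_KEY environment variables (the defaults below are placeholders), records arrive one per line as to_json() in the udp input produces them, and the NXLogSyslog log type and 500-record flush size are arbitrary choices.

```python
#!/usr/bin/env python3
"""om_exec pipe: stdin JSON lines -> Azure Log Analytics HTTP Data Collector API.
Added example (not the manual's oms-pipe.py). Placeholders: WORKSPACE_ID, SHARED_KEY."""
import base64
import datetime
import hashlib
import hmac
import json
import os
import sys
import urllib.error
import urllib.request

WORKSPACE_ID = os.environ.get("OMS_WORKSPACE_ID", "00000000-0000-0000-0000-000000000000")  # placeholder
SHARED_KEY = os.environ.get("OMS_SHARED_KEY", "AAAA")  # placeholder; the real key is the base64 key from the portal
LOG_TYPE = "NXLogSyslog"            # stored as the NXLogSyslog_CL custom table (assumed name)
RESOURCE = "/api/logs"
API_VERSION = "2016-04-01"
MAX_BATCH_BYTES = 30 * 1024 * 1024  # per-request limit of the Data Collector API
FLUSH_EVERY = 500                   # records buffered before a POST (assumption, tune to volume)


def string_to_sign(method, content_length, content_type, rfc1123_date, resource=RESOURCE):
    """Canonical string the API signs: method, body length, content type, date header, resource."""
    return "{}\n{}\n{}\nx-ms-date:{}\n{}".format(
        method, content_length, content_type, rfc1123_date, resource)


def build_signature(workspace_id, shared_key, rfc1123_date, content_length,
                    method="POST", content_type="application/json"):
    """Authorization value: HMAC-SHA256 over the canonical string, keyed with the
    base64-decoded shared key, base64-encoded again and prefixed with the workspace ID."""
    key = base64.b64decode(shared_key)
    message = string_to_sign(method, content_length, content_type, rfc1123_date).encode("utf-8")
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return "SharedKey {}:{}".format(workspace_id, base64.b64encode(digest).decode("ascii"))


def build_headers(workspace_id, shared_key, body, log_type, rfc1123_date=None):
    """Headers for one POST; body is the encoded JSON array (its length is part of the signature)."""
    if rfc1123_date is None:
        now = datetime.datetime.now(datetime.timezone.utc)
        rfc1123_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    return {
        "Content-Type": "application/json",
        "Authorization": build_signature(workspace_id, shared_key, rfc1123_date, len(body)),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
    }


def batch_records(lines, max_bytes=MAX_BATCH_BYTES):
    """Parse JSON lines (malformed ones are reported and skipped) into batches whose
    serialized array stays under max_bytes, so one oversized flush cannot be rejected."""
    batches, current, size = [], [], 2  # 2 accounts for the enclosing '[' and ']'
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except ValueError:
            sys.stderr.write("skipping malformed record: %r\n" % line[:80])
            continue
        encoded = len(json.dumps(record, separators=(",", ":")).encode("utf-8")) + 1  # +1 for ','
        if current and size + encoded > max_bytes:
            batches.append(current)
            current, size = [], 2
        current.append(record)
        size += encoded
    if current:
        batches.append(current)
    return batches


def post_batch(records, workspace_id=WORKSPACE_ID, shared_key=SHARED_KEY, log_type=LOG_TYPE):
    """POST one batch and return the HTTP status (200 on success). Errors are reported
    to stderr rather than raised so the pipe process stays alive for om_exec."""
    body = json.dumps(records, separators=(",", ":")).encode("utf-8")
    url = "https://{}.ods.opinsights.azure.com{}?api-version={}".format(
        workspace_id, RESOURCE, API_VERSION)
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers=build_headers(workspace_id, shared_key, body, log_type))
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        sys.stderr.write("Log Analytics rejected batch: %s %s\n" % (err.code, err.read()[:200]))
        return err.code
    except urllib.error.URLError as err:
        sys.stderr.write("could not reach Log Analytics: %s\n" % err.reason)
        return None


def main():
    # om_exec holds this process's stdin open for its whole lifetime. If the script
    # returns, NXLog's next write hits a closed pipe (the apr_file_write error above).
    pending = []
    for line in sys.stdin:
        pending.append(line)
        if len(pending) >= FLUSH_EVERY:
            for batch in batch_records(pending):
                post_batch(batch)
            pending = []
    for batch in batch_records(pending):
        post_batch(batch)


if __name__ == "__main__":
    main()
```

Run it with Python's -u option so stdin and stderr are not buffered behind the pipe, and quote both Command and Arg paths with single quotes in nxlog.conf. The process staying alive is the point: anything that makes it exit (a missing module, an unhandled exception, a wrong script path handed to the launcher) shows up on the NXLog side as the closed-pipe error rather than as a Python traceback, so check the script on its own with a few lines piped into it before wiring it to om_exec.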
NXLog as a collector for Azure App Service Logs for SIEMs
EdB created
Hi all,
I am new here, so hello.
I am trying to work out a solution to collect IIS Access Log data from Azure App Services and then forward it to a SIEM such as Splunk, Loggly or ElasticSearch for security analysis, anomaly identification and alerting.
As far as I can see, NXLog may provide the link between the Azure Access Logs and my chosen SIEM. Am I right? I would prefer not to get into rewriting code, hence my interest in NXLog. In addition, NXLog appears to be widely supported by SIEM tools.
With regards to implementation, would I be correct in thinking that one needs to set up a Linux or Windows VM on Azure with NXLog running on it? I am trying to avoid on-prem installs.
In conclusion, I would welcome your advice on how I could use NXLog as a simple collector and forwarder of access data. One final word: the Access Logs are currently stored in Azure Storage Blobs, although I could go back to storing them in the file system.
Thanks.