When sending data to InsightIDR, you have to specify a unique port for each data source.  For example, on an AD DC, you need a unique port for security event logs, DNS logs, and DHCP logs.  As it currently appears, I would need a template or individual configuration on each system. To optimize/simplify this, is it possible to use FIELDS and PATTERNS in templates?  e.g. DC1_SecLog=<port 1000>, DC1_DNS=<port 1001>.  In the template reference a FIELD/PATTERN based on the agent info like hostname and/or tags?  

Just looking for a way to minimize the number of templates I have to manage.

Learning how to build out templates and I see in the documentation, that you there should be an option for “MASTER” or “SUB” template types as described here:  https://docs.nxlog.co/manager/current/templates/index.html

However, my new server (5.7.5935) does not have that option when creating a template.  Is there something that needs to be enabled or some set of actions before that becomes visible?

TEST

Hi all,

I have an issue when view agent internal logs "View Log" in NXLog Manager.

When I clicked on the View Log button, it will pop up error message as follow:

1. Error Executing the requested operation: Could not parse XML; nested exception is org.xml.sax.SAXParseException; lineNumber:x, columnNumber:x; Character reference "&#.

2. Error Executing the requested operation: Could not parse XML; nested exception is org.xml.sax.SAXParseException; lineNumber:x, columnNumber:x; The element type "SOAP-ENV:Envelope" must be terminated by matching end-tag"</SOAP-ENV:Envelope>"

Does anyone know what are those two errors about, and how should we fix it ? Where can we view / find the SOAP-ENV:Envelope or mentioned character from NXLog Manger?

Thanks.

Hello,

Is there a way for us to export the list of online, offline, error, or untrusted agent from NXLog Manager ? Is NXLog Manager able to send out notification of offline/error agent?

Thanks

I am trying to use the perl extension in Windows, but nxlog complains that it cannot find the xm_perl.dll. The complaint is correct, the file is not there. My question is why? Does the windows version not support using perl?