Windows Event Logs
Hi guys, I have a problem. I must send the Event Log to the Linux LogCollector. The problem is that when the LogCollector receives the log, the formatting is much too long; I want to receive a log like this. Example Linux log: "Jun 19 16:23:01 MSI su: pam_unix(su:session): session opened for user ema by (uid=0)" Can I receive the log in this format? Thank you.
Replies: 1
Receiving Incomplete Windows Events
Hi, I am using NXLog's <Input MSEvtIN> module to forward Windows Event Logs to a syslog server. The problem I am facing is with MTU size. The default MTU across is 1500 (i.e. 1472 bytes actual length), but there are many events in Windows which are much larger than 1472. Events longer than 1472 bytes are getting truncated at 1472 and received partially on the syslog server. This is creating a problem for my SIEM when parsing the logs.

Can anyone please help me in diagnosing and resolving this? What I know about MTU is that if the packets are greater than 1472 bytes, MTU fragmentation is used. I don't know how to enable this fragmentation setting in NXLog.

    ################
    #============ Define ROOT here ===================
    #define ROOT C:\Program Files\nxlog
    define ROOT C:\Program Files (x86)\nxlog

    #============ NXLog Machine Log info =============
    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data
    LogFile %ROOT%\data\nxlog.log

    #=========== For Windows Event Log ===========
    <Extension json>
        Module xm_json
    </Extension>

    <Input MSEvtIN>
        # For windows 2003 and earlier use the following:
        #Module im_mseventlog
        # For windows 2005 and later use the following:
        Module im_msvistalog
        Exec to_json();
    </Input>

    <Output MSEvtOUT>
        Module om_udp
        Host DNIF-Adapter-IP
        Port 514
    </Output>

    <Route 1>
        Path MSEvtIN => MSEvtOUT
    </Route>

Replies: 11