First time post so please go easy....
I have a simplet test Windows 2008 server with nxlog installed with the following config file.
define ROOT C:\Program Files (x86)\nxlog
Exec $Message = $raw_event;
Exec $SourceName = 'offline_testing';
Path file_in => file_transformer => file_out
I'm sending my logs to a syslog server running syslog-ng.
When the server is available, everything is good. What I write to the local Windows text file appears on the syslog-ng server.
I enable Windows firewall to simulate the syslog-ng server down.
I write to the local Windows text file and nothing appears in syslog-ng. As expected.
I remove the firewall rule and here is where my problem lies. I don't see what was written to the local text file while the syslog-ng was unavailable on the syslog-ng server.
If I start writing to the text file after disabling the firewall, I see the new stuff coming in but not what was written while the syslog server was "offline".
Can anybody help figure out why this is not working as expected?