1
answer

Here at ABB Facts we have been using solarwinds forwarding client with Kiwi but the client is showing its age and no longer works properly.

I have set up nxlog as a replacement forwarder and it works fine but the priority is now set to Debug on all the windows events instead of Notice or Info as it was with the Solarwinds forwarder.

My conf file is very simple and shouldnt cause this problem. I have searched for a solution but without any luck.

Here is my conf file:

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension syslog>
Module xm_syslog
</Extension>

<Input internal>
Module im_internal
</Input>

<Input eventlog>
Module im_msvistalog
Query <QueryList>\
<Query Id="0">\
<Select Path="System">*</Select>\
<Select Path="Security">*</Select>\
</Query>\
</QueryList>
</Input>

<Output out>
Module om_udp
Host 10.250.254.19
Port 514
</Output>

AskedJanuary 11, 2019 - 4:24pm

Comments (1)

  • kenneth.karlsson's picture

    Thanks.

    This solved the problem.

    January 14, 2019 - 9:34am

Answer (1)

Assuming you want to send Syslog, see the Generating Syslog section in the User Guide. See e.g. Example 359. Forwarding BSD Syslog via UDP. Basically you'll need to add Exec to_syslog_bsd();.

To override the default severity and set to INFO use $SyslogSeverityValue = 6;

AnsweredJanuary 11, 2019 - 5:04pm