0 answers

I have nxlog 2.10.1542 on CentOS 7.6.
I am sending RFC 3195 events to the nxlog for forwarding to a SIEM.
A snippet of the log that captures the error event is seen below.

2019-05-01 08:34:32 DEBUG evaluating expression 'field' at /opt/tap-nxlog/conf/nxlog.conf:128
2019-05-01 08:34:32 DEBUG evaluating expression 'field' at /opt/tap-nxlog/conf/nxlog.conf:129
2019-05-01 08:34:32 DEBUG successfully got priority

2019-05-01 08:34:32 DEBUG date is logver=600000267 timestamp=1556692474 tz="UTC+2" devname="FW-NCH-FGT600E-1" devid="<REDACATED>" vd="root" date=2019-05-01 time=08:34:34 logid="1059028705" type="utm" subtype="app-ctrl" eventtype="app-ctrl-all" level="warning" eventtime=1556692474 appid=40169 srcip=devid="<REDACATED> dstip=216.58.211.142 srcport=57244 dstport=443 srcintf="x2" srcintfrole="dmz" dstintf="x2" dstintfrole="dmz" proto=17 service="udp/443" direction="outgoing" policyid=3 sessionid=12692393 applist="sniffer-profile" appcat="Network.Service" app="QUIC" action="block" incidentserialno=1737302560 msg="Network.Service: QUIC," apprisk="low"

2019-05-01 08:34:32 DEBUG in nx_date_parse
2019-05-01 08:34:32 DEBUG in vpn parsing
2019-05-01 08:34:32 DEBUG if loop errored and return bad date
2019-05-01 08:34:32 DEBUG parse_vpn failed
2019-05-01 08:34:32 DEBUG not correct date

From what I am seeing, the date matches between the event and the debug logging. Additionally, the epoch time "Wednesday, May 1, 2019 6:34:34 AM" from the event also seems to match.
Any thoughts would be appreciated.
Thanks in advance
Adam

Asked May 14, 2019 - 6:26pm

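The DEBUG line "date is logver=600000267 timestamp=..." in the post shows that the string handed to the date parser begins with the whole Fortigate key=value record rather than with the date field alone. An added example, not part of the post and not NXLog configuration, of what a defender typically wants when checking such records: split the record into key/value pairs, build a timezone-aware timestamp from the date, time and tz fields, and cross-check it against the eventtime epoch so clock skew or timezone mistakes in forwarded events show up before they reach the SIEM. The SAMPLE record is constructed from the one in the question (with the source address simplified), and the "UTC+2"-style tz handling is an assumption about the values this device emits.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample record, trimmed from the one in the question.
SAMPLE = (
    'logver=600000267 timestamp=1556692474 tz="UTC+2" devname="FW-NCH-FGT600E-1" '
    'vd="root" date=2019-05-01 time=08:34:34 logid="1059028705" type="utm" '
    'subtype="app-ctrl" level="warning" eventtime=1556692474 appid=40169 '
    'srcip=10.0.0.1 dstip=216.58.211.142 srcport=57244 dstport=443 proto=17 '
    'app="QUIC" action="block" msg="Network.Service: QUIC," apprisk="low"'
)

# key=value where value is either a double-quoted string (may contain spaces)
# or a run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

# Assumed Fortigate tz spelling: UTC+2, UTC-5, UTC+5:30, UTC+0530
TZ_RE = re.compile(r'^UTC([+-])(\d{1,2})(?::?(\d{2}))?$')


def parse_kv(record):
    """Split a Fortigate-style key=value record into a dict, unquoting values."""
    fields = {}
    for key, raw in KV_RE.findall(record):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]
        fields[key] = raw
    return fields


def parse_tz(tz):
    """Turn 'UTC+2' style offsets into a datetime.timezone."""
    m = TZ_RE.match(tz)
    if not m:
        raise ValueError(f"unsupported tz format: {tz!r}")
    sign = 1 if m.group(1) == '+' else -1
    offset = timedelta(hours=int(m.group(2)), minutes=int(m.group(3) or 0))
    return timezone(sign * offset)


def event_datetime(fields):
    """Build an aware datetime from the date/time/tz fields only."""
    local = datetime.strptime(f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")
    return local.replace(tzinfo=parse_tz(fields.get('tz', 'UTC+0')))


def check_clock(fields):
    """Return (UTC ISO timestamp, skew in seconds) comparing date/time/tz
    against the device's eventtime epoch. A non-zero skew means the wall-clock
    fields and the epoch disagree, usually a timezone or clock problem."""
    dt = event_datetime(fields)
    skew = int(dt.timestamp()) - int(fields['eventtime'])
    return dt.astimezone(timezone.utc).isoformat(), skew


if __name__ == "__main__":
    parsed = parse_kv(SAMPLE)
    utc_iso, skew = check_clock(parsed)
    print(f"date={parsed['date']} time={parsed['time']} tz={parsed['tz']}")
    print(f"UTC timestamp: {utc_iso}  skew vs eventtime: {skew}s")
```

Run on the sample, the date/time/tz fields resolve to 2019-05-01T06:34:34+00:00, which equals eventtime 1556692474 exactly, so the skew is 0; the same check flags records whose tz field does not match the device clock.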