Recently I've been going about trying to test Nxlog EE trial (most recent version) on Windows endpoint devices. A big issue I've been experiencing is when unclean shutdowns occur, there's a chance some events from the host do not send once booted back up (I'm sending them via TCP to a collector and ReadFromLast and Flow Control should be on by default). I've gone back through some of the logs I thought were lost and noticed that about a week later, some of these events finally sent over (the host was still sending other logs and was active throughout the week). Has anyone else experienced difficulties with losing events/delayed events on Windows endpoints with nxlog? Any help would be much appreciated.

AskedMay 30, 2019 - 4:27pm

Answer (1)