1
answer

Hello, I have a WEC server receiving the logs form my network computers, in this server I have the NXLog community edition to forward this logs, but in the exabeam analytics does not see logs from the machines the login and log out, I feel that the nxlogs does not forward all events, Do I need to use other version of client or what else should I do to verify if is send the full log?

Regards

Ben

AskedJuly 22, 2019 - 6:56am

Answer (1)

NXLog CE and EE will not filter events unless you tell it to. All logged events should be forwarded. You can verify this by creating a secondary Output using om_file, and then look for the events in the file. If this is successful then the next step would be to verify the events made it to the wire with tcpdump or wireshark (or similar).
If those fail, then it would be useful to see the configs in order to check if anything could be impacting delivery of those events.

AnsweredJuly 22, 2019 - 7:01pm