1
response

Hi, 

I really would like some assistance in the forum - 

Here is the scenario:

Installed nxlog.c.e in Windows 2008 R2

Used the query list -to get security logs

Added that in the module - started the server - everything is fine.

I tested this in my Windows mahcine - to my Redhat server.

Works.

The issue happens when the Windows machine is registered to the domain.

Once the service is started in windows, the syslog server creates host folders which include the Windows client name  as well as a bunch of other stuff.

Such as Authlite, Process, 0 00 1  etc etc.. list goes on.

Has anyone encountered this issue?  Kindly advise.  

Additional information: 

This issue only occurs with windows client - registered in the domain.     

When the nxlog forwards information to my rsyslog server - (which uses the template dyn$ to create host folders)  I get folders with 0 00 Authlite ... etc etc.

 Is there anyway to stop this of fix it.  Again it only happens with Windows client registered in the domain.  

AskedOctober 7, 2014 - 9:41am

Answer (1)

The directories are created by your rsyslog because it cannot parse the data sent from nxlog properly.

Make sure the data sent to your rsyslog server is syslog, i.e. use to_syslog_bsd().