I am trying to use nxlog to read from a text file and send to a syslog collector from Rapid7.
I have read through Rapid7's documentation found at https://insightidr.help.rapid7.com/docs/nxlog
I have verified that the input is working by outputting to a text file and verifying there was output, but it will not output to syslog.
This is traversing a firewall and I have the proper rules in place. I can also see that the traffic is not getting to the firewall, as there are no packets dropped or captured at the firewall, so my only logical conclusion is that nxlog is not sending the output to syslog.
ICMP (Ping) traffic goes through the firewall so there is connectivity.
Is there a debug log mode for nxlog where I can get more details on what is happening?
Here is my config file:
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
if $raw_event =~ /^#. drop();
Path Ping_Audit => Rapid7_5004
# Check the size of our log file hourly, rotate if larger than 5MB
Every 1 hour
Exec if (file_exists('%LOGFILE%') and \
(file_size('%LOGFILE%') >= 5M)) \
# Rotate our log file every week on Sunday at midnight
Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
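
A minimal configuration showing where nxlog's debug logging is switched on and how a local file output can sit beside the syslog output in the same route. This is an added example, not the poster's configuration or Rapid7's. The input path, the collector host, the TCP transport and port 5004 are assumptions or placeholders, and Debug_File is a hypothetical instance name.

```apache
# Added example, not the configuration from the post. Placeholders are marked.
define ROOT C:\Program Files (x86)\nxlog
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log

# Global directives: nxlog writes its own diagnostics to %LOGFILE%.
# DEBUG is the most verbose level; set it back to INFO after troubleshooting.
LogFile %LOGFILE%
LogLevel DEBUG

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Input Ping_Audit>
    Module      im_file
    # Placeholder path for the text file being read
    File        'C:\PLACEHOLDER\ping_audit.log'
</Input>

# Local copy of every event, the same check the post describes for the input side
<Output Debug_File>
    Module      om_file
    File        '%LOGDIR%\ping_audit_copy.txt'
</Output>

<Output Rapid7_5004>
    # Assumption: the collector listens on TCP; use om_udp if it listens on UDP
    Module      om_tcp
    # Placeholder collector address; port assumed from the instance name
    Host        COLLECTOR_PLACEHOLDER
    Port        5004
    # Format each event as BSD syslog before sending
    Exec        to_syslog_bsd();
</Output>

# One input feeding both outputs: if the local copy fills and nothing reaches
# the collector, the fault is on the Rapid7_5004 side of the route.
<Route 1>
    Path        Ping_Audit => Debug_File, Rapid7_5004
</Route>
```

Restart the nxlog service after changing the file, then read nxlog.log in the data directory: with om_tcp, failed connection attempts to the collector are reported there.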