I currently have the nxlog EE pulling IIS logs to a McAfee SIEM. The IIS logs are arriving fine from some devices, but others not. noticed during an incident that the IIS logs are in blue, which turns out that they are compressed. The other modules are working fine, the IIS module loads, there are no errors nor warnings given in the nxlog agent log, but no data gets collected.

Is there a different module to use, or a verbatim command to add to grab these compressed files?

AskedMay 17, 2021 - 7:33pm

Answer (1)