Compress the Windows eventlog during the tranmission

Post a different question
2
responses

Hi,

I want to use nxlog to collect the windows eventlog, gzip the log and transform it to logstash for further processing. Is it possible to include all the steps into one pipeline?

e.g.,
Input module -> Collect eventlog (im_msvistalog)
Output module -> Compress the log (xm_zlib) and send it to Logstash (om_tcp)

Thank you.

Best regards,
Steven

AskedOctober 15, 2021 - 9:25am

Answer (1)

Hey,

Unfortunately, compression is absent in NXLog Community Edition. So far, it's present in NXLog Enterprise Edition with xm_zlib module, providing gzip compression..

Other than that - may I ask what kind of processing you want to perform in Logstash? Perhaps you could avoid it and reach the same goal without employing additional tools?

Best regards,
Raf

AnsweredOctober 20, 2021 - 8:46am

Comments (1)

  • steven.su's picture

    Hi Raf,

    Sorry for the late reply. We are using the enterprise trail edition. We want to zip the log and send the log from NXLog to Logstash through TLS. And then we could unzip the log in Logstash and perform enrichment and other processing steps. So it seems that NXLog is not able to directly send the Windows log in gzip format in this TCP connection. Please correct me if I were wrong. Thank you.

    Best regards,
    Steven

    October 28, 2021 - 10:43am