I am pretty new to NXLog, so I lack some knowledge.
We have been using NXLog to send logs using Sysmon to our IBM QRadar.
On a few machines, we've seen some logs that arrived today, but are from 1-2 weeks ago.
How exactly does NXLog keep logs that have not been sent? Are there any steps we can use to investigate why these logs were sent with such a long delay?
In most cases it all works without a problem, but on very rare occasions we receive a few really old events.