
Hi!

We have nxlog ce running on a Windows machine. It works OK.
- If the time is changed to the future, it continues forwarding logs.
- However, if the time is changed to the past, logs are not forwarded anymore. This affects logs from Windows events, from a text file, etc.

It seems that nxlog is filtering the logs and that logs with an earlier time than others received are discarded. Logs are forwarded again if the nxlog service is restarted (this seems to be doing a 'reset' on the expected time).
Do you know how we could avoid this?

Asked August 31, 2022 - 9:05am

Comments (2)

  • Klevin (NXLog)

    Hello Sir,

    May I ask if there is any specific reason you change the date of the machine?
    What specific data do you need to re-gather?

    Sincerely
    Klevin

  • juanjo

    Hi Klevin,

    Thanks for your reply.
    The reason is that we want the system to be robust against time changes on that machine. It mainly comes from cyber security requirements. Someone could change the time backwards, to the past, and then logs of modifications on that machine would not be sent (that could also be done by stopping the nxlog service :) ).
    There is different data to be re-gathered: logs from a log file from an antivirus, from a backup application, Windows system events information, etc.

    nxlog continues logging if the time is changed to the future; but if time is changed to the past, logs are not forwarded anymore.

    Best regards,
    Juanjo

Answers (0)