answer
I am using om_tcp for forwarding Windows logs to a SIEM system. What will be the expected behavior of nxlog if e.g. a firewall blocks the TCP connections from the nxlog agent to the SIEM? Is there any potential danger in nxlog buffering outgoing logs so that large amounts of memory or disk space would be consumed on the sending host while the connections get blocked?
Comments (2)
So, om_tcp instance will "remember" last position in log file, and resume reading at this position after network connection to SIEM/syslog server is restored again ?
Yes, but im_file does that.