user2672938
Reputation:
sysmon to nxlog logs nothing to file nor tcp
been trying to set up a windows host logfile with sysmon. This is succesful. Logging occurs in eventlogfile windows sysmon operational.
Step two is to get nxlog to read it and send it to a remote syslog server. But nothing happens. For troubleshooting I am trying to log to a local file also nothing.
here is my nxlog config file,
#define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel DEBUG
<Extension _syslog>
Module xm_syslog
</Extension>
<Input eventlog>
Module im_msvistalog
<QueryXML>
<QueryList>
<Query Id="0">
<Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
</Query>
</QueryList>
</QueryXML>
</Input>
<Output syslog>
Module om_tcp
Host 192.168.0.61
Port 514
Exec to_syslog_bsd();
</Output>
<Output file>
Module om_file
File 'C:\test\sysmon.json'
Exec to_json();
</Output>
<Route 1>
Path eventlog => syslog
</Route>
<Route 2>
Path eventlog => file
</Route>
all the log says is 2017-10-31 21:59:21 INFO nxlog-ce-2.9.1716 started 2017-10-31 21:59:21 INFO connecting to 192.168.0.61:514
But no logfile, no logging to tcp ..
Upvotes: 0
Views: 762
Answers (1)
b0ti
Reputation: 2329
I guess your syslog server does not accept the tcp connection which blocks the whole pipeline due to flow-control, including the other route that writes into the local file.
Upvotes: 0
Related Questions
- Syslog receives logs from Cisco Switch but doesn't log them
- Wix + log4net: Windows service not logging after service is installed
- NXLog Windows Events and Source
- NLog Logs not logging
- How to get rid of N/A from logs forwarded by nxlog?
- Forward .log file via nxlog to Graylog2 VM server
- C Syslog.h not writing the log
- syslog drops logs silently
- log4net - no log file produced
- Why log4net is not logging messages