Hi team,
I was trying to collect logs from a file present on a Windows server.
I found that certain fields like "port" were autogenerated and, to the best of my knowledge, I did not configure them. I wanted to know where they are being generated.
Also, while testing the filters, I once used "testlog" as the type field value in the Windows Event Log Input so that I would get logs with the "type" field as "testlog". And then, I renamed the "type" field value from "testlog" to "eventlog", provided I verified, saved and applied it as global config.
I was expecting the field "type" to have the value "eventlog" but I am still getting "testlog". When none of my input and filter blocks make type as testlog, where is this value coming from?
Please check the following images for better understanding.
Kindly provide your inputs on this.
Thanks in advance
Cannot find the origin and configuration of certain fields
Re: Cannot find the origin and configuration of certain fiel
Hello @SuryanuSanyal
Thanks for reaching out. It looks like you selected the option to retrieve the Windows Event Log from the Windows device Event messages.
When you select the option to retrieve logs from your Windows device, it utilizes the NXLOG CE client/agent, which automatically uses port 3515. The other option is to use NXLOG (which by default uses port 3515) to send logs from a file to Nagios Log Server.
It appears that NXLOG is taking the file name that the Windows Event logs came from. You can rename the file and run the log file import.
Thanks,
Perry
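Code:
# Watch your own files
<Input windowsfile>
    Module  im_file
    # Path of the file to tail (single quotes keep the backslashes literal)
    File    'C:\path\to\target\testlog'
    # Remember the read position across agent restarts
    SavePos TRUE
    # Copy the raw line into the Message field
    Exec    $Message = $raw_event;
</Input>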
Perry
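
As an added example (not part of the original posts and not Nagios or NXLog tooling): a Python helper that searches an NXLog agent config for a literal value such as "testlog" and reports which block and directive carries it, which is one way to check whether a field value originates on the agent side. The sample config is constructed from the Input block quoted above; the Output block, its host address and the name `find_value` are assumptions.

```python
import re

# Constructed sample nxlog.conf: the Input block is the one quoted in the
# thread; the Output block and its Host address are assumptions.
SAMPLE_CONF = r"""
# Watch your own files
<Input windowsfile>
    Module im_file
    File 'C:\path\to\target\testlog'
    SavePos TRUE
    Exec $Message = $raw_event;
</Input>

<Output out>
    Module om_tcp
    Host 192.0.2.10
    Port 3515
</Output>
"""

OPEN = re.compile(r"^<(\w+)\s+(\S+)>$")   # e.g. <Input windowsfile>
CLOSE = re.compile(r"^</(\w+)>$")         # e.g. </Input>

def find_value(conf_text, needle):
    """Return (line_no, block_kind, block_name, directive, text) for every
    directive line in an NXLog config that contains `needle`."""
    hits, block = [], (None, None)
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and comments
        m = OPEN.match(line)
        if m:
            block = (m.group(1), m.group(2))
            continue
        if CLOSE.match(line):
            block = (None, None)
            continue
        if needle.lower() in line.lower():
            directive = line.split(None, 1)[0]
            hits.append((line_no, block[0], block[1], directive, line))
    return hits

if __name__ == "__main__":
    for needle in ("testlog", "3515", "eventlog"):
        print(needle, "->", find_value(SAMPLE_CONF, needle) or "not in agent config")
```

A value that is not found in the agent config has to be set somewhere else in the pipeline, so the same search can then be repeated over the server-side input and filter definitions.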