Nagios Support Forum

Hello Nagios Log Support

We've configured NXlog client on Windows 2016, but no logs shipped to Nagios Log

Conf file attached.

If your goal is to only send those specific event IDs you want to use the logical AND and not the OR:

Exec if not ($EventID == 4624 AND $EventID == 4634 AND $EventID == 4648 AND $EventID == 4672) drop();

cdienger wrote:If your goal is to only send those specific event IDs you want to use the logical AND and not the OR:

Exec if not ($EventID == 4624 AND $EventID == 4634 AND $EventID == 4648 AND $EventID == 4672) drop();

I am not getting ANY logs through
- all other LOG shpping installs for Events use OR (AND means combined?)

Not getting ANY logs would make sense with this logic. For example, say event 4624 came in, the first part:

$EventID == 4624

would evaluate to true, but the rest of the line would still be executed:

$EventID == 4634

would evaluate to false because 4624 !=4634. The action would then be to drop();

cdienger wrote:Not getting ANY logs would make sense with this logic. For example, say event 4624 came in, the first part:

$EventID == 4624

would evaluate to true, but the rest of the line would still be executed:

$EventID == 4634

would evaluate to false because 4624 !=4634. The action would then be to drop();

Log shipping still not happenning (changed CONF file even so that all other CONF files we had successfully worked with "OR" instead)

Can you share the current config for us to review?

I see you've opened a ticket. We'll close this thread and continue to work through the ticket.