Nagios Support Forum

Our log server was receiving logs for the last 21 days. I went tried a lot of things but couldn't fix so finally I restarted the Nagios log and it somehow fixed the issue.
Now I can see new logs are coming in from windows servers.
However, I am missing logs from 1st Dec to 21 Dec. I can still see these logs in the windows event log. how can I forward these old logs to Nagios?

Hi,

One option would be to export the Windows Event log data to a file and then add a Windows File source to pull that data in. In the Nagios Log Server Interface, go to Add Log Source > File Monitoring > Windows Files for instructions.

See:
How to Export Windows Event Logs

Let me know if you have any questions or need assistance.

Benjamin

I exported logs from windows event viewer. it created .evtx file.
then I modified nxlog.conf file like below.

# Watch your own files
<Input file1>
Module im_file
File '%ROOT%\data\nxlog.log'
SavePos TRUE
Exec $Message = $raw_event;
</Input>
<Input file2>
Module im_file
File 'C:\Program Files (x86)\nxlog\data\Security_Logs.evtx'
SavePos TRUE
Exec $Message = $raw_event;
</Input>
.
.
.
<Route 1>
Path internal, file1, eventlog => out
Path internal, eventlog, Security_Logs => out
</Route>

then I went to a dashboard to check if I have received logs but it is not displaying in graph and log table.
have I added wrong entries in nxlog.conf file?

Hi @nitin.patil,

Let's try to add the input names that just created to the path line in the bottom of the nxlog.conf, for example: Then open services.msc and restart the nxlog service and check the dashboard for results. The following guide has detailed steps on the setup process.

Configuring NXLog To Send Additional Log Files

Hope that helps and let us know if you get it working.

Benjamin