Thursday, September 30, 2021

nxlog conf file

 My nxlog.conf file for the lab


///////////////////////////////////////////////////////////////

Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files (x86)\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf
define LOGDIR   %ROOT%\data
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data

# GELF formatting support, needed for OutputType GELF below
<Extension _gelf>
    Module      xm_gelf
</Extension>

# Windows Event Log source; on first run read the logs from the beginning,
# then remember the position so a restart does not resend old events
<Input from_eventlog>
    Module      im_msvistalog
    ReadFromLast FALSE
    SavePos      TRUE
</Input>

# GELF over UDP to the Graylog GELF UDP input
<Output out>
    Module      om_udp
    Host        192.168.1.2
    Port        12201
    #Exec       to_syslog_snare();
    OutputType  GELF
</Output>

<Route 1>
    Path from_eventlog => out
</Route>

<Extension _fileop>
    Module      xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
        Every   1 hour
        Exec    if (file_exists('%LOGFILE%') and \
                   (file_size('%LOGFILE%') >= 5M)) \
                    file_cycle('%LOGFILE%', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        When    @weekly
        Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
</Extension>
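Before pointing nxlog at the Graylog GELF UDP input above, it helps to see what one GELF datagram looks like on the wire. The following Python is an added example, not nxlog's or Graylog's own code: it builds a GELF 1.1 message (gzip, zlib or uncompressed, all of which the GELF UDP input accepts), decodes one back while checking the required fields, and sends a single constructed test event to the 192.168.1.2:12201 address from the config. The host name lab-win10 and the extra field names are made up.

```python
import gzip, json, socket, time, zlib

GELF_HOST = "192.168.1.2"  # Graylog GELF UDP input from the nxlog config above
GELF_PORT = 12201


def build_gelf(host, short_message, level=6, timestamp=None, compress="gzip", **extra):
    """Return one GELF 1.1 datagram; extra kwargs become "_"-prefixed additional fields."""
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": time.time() if timestamp is None else timestamp,
        "level": level,  # syslog severity: 6 = informational
    }
    for key, value in extra.items():
        name = key if key.startswith("_") else "_" + key
        if name == "_id":  # Graylog reserves _id; such a message is rejected
            raise ValueError("_id is reserved by Graylog")
        msg[name] = value
    raw = json.dumps(msg).encode("utf-8")
    if compress == "gzip":
        return gzip.compress(raw)
    if compress == "zlib":
        return zlib.compress(raw)
    return raw  # plain JSON is also accepted by the GELF UDP input

def parse_gelf(datagram):
    """Decode a GELF UDP datagram, detecting compression from its leading bytes."""
    if datagram[:2] == b"\x1e\x0f":  # chunked GELF magic: needs reassembly first
        raise ValueError("chunked GELF; reassemble chunks before parsing")
    if datagram[:2] == b"\x1f\x8b":  # gzip magic
        raw = gzip.decompress(datagram)
    elif datagram[:1] == b"\x78":  # zlib header
        raw = zlib.decompress(datagram)
    else:
        raw = datagram
    msg = json.loads(raw.decode("utf-8"))
    missing = {"version", "host", "short_message"} - set(msg)
    if missing:
        raise ValueError("missing required GELF fields: %s" % sorted(missing))
    return msg

def send_test_message(host=GELF_HOST, port=GELF_PORT):
    """Send one constructed test event to the Graylog input; returns bytes sent."""
    datagram = build_gelf("lab-win10", "nxlog input test", _source_check="manual")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(datagram, (host, port))
```

After calling send_test_message(), the event should appear in the Graylog search with source lab-win10 and a field named source_check; if it does not, the input or the UDP path is the problem, not nxlog.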


Monday, September 27, 2021

Graylog Notes

I'm using the Graylog OVA, imported into VirtualBox

I'm setting up a syslog UDP input on Graylog 

Need to redirect port 514 to port 1514

sudo iptables -t nat -A PREROUTING -p udp --dport 514 -j REDIRECT --to-port 1514