Graylogs dropping events

Hi Team,

I have a feeling that graylog 2.4.0 is dropping events randomly. I am using nxlog with filter to ingest windows security audit logs, only sending specific events not all, i have default buffer set.

I can see more of bad password, account lockout events on server however the number doesn’t tally between server and graylog. Filter works but graylog isn’t showing all logs.

I don’t see any reference to nxlog dropping events in nxlog.log. The server which is sending the logs and graylog server has sufficient resources and no performance issues.

Is there a way to ascertain if nxlog is dropping events or graylog is dropping events?

regards,
Navdeep

it could be - but not should be.

you would found that dropping in the logfiles … and what transport did you use? maybe just UDP “loose” some messages?

I am using gelf TCP.

I have deleted the gelf nxlog input and added it again, given service a restart and now i am able to see the logs. probably something wrong with my filters.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.