Graylogs dropping events

v_2nas · February 3, 2018, 6:06am

Hi Team,

I have a feeling that graylog 2.4.0 is dropping events randomly. I am using nxlog with filter to ingest windows security audit logs, only sending specific events not all, i have default buffer set.

I can see more of bad password, account lockout events on server however the number doesn’t tally between server and graylog. Filter works but graylog isn’t showing all logs.

I don’t see any reference to nxlog dropping events in nxlog.log. The server which is sending the logs and graylog server has sufficient resources and no performance issues.

Is there a way to ascertain if nxlog is dropping events or graylog is dropping events?

regards,
Navdeep

jan · February 3, 2018, 1:27pm

it could be - but not should be.

you would found that dropping in the logfiles … and what transport did you use? maybe just UDP “loose” some messages?

v_2nas · February 9, 2018, 2:58am

I am using gelf TCP.

I have deleted the gelf nxlog input and added it again, given service a restart and now i am able to see the logs. probably something wrong with my filters.

system · February 23, 2018, 2:59am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Windows Event Log - Security Graylog Central (peer support)	3	2126	July 1, 2019
Graylog Dropped Messages Logging Graylog Central (peer support) sidecar , nxlog , nodatanx	2	1300	October 1, 2020
Some NXLog Messages dont seem to make it into Graylog Graylog Central (peer support)	2	689	September 5, 2018
NxLog configured but cannot see any logs on Greylog Graylog Central (peer support) sidecar , nxlog , winlogbeat , nodatanx	4	835	September 23, 2020
Missing some event viewer logs Graylog Central (peer support) sidecar , nxlog , nodatanx	8	2029	April 23, 2019

Graylogs dropping events

Related topics