I have a feeling that graylog 2.4.0 is dropping events randomly. I am using nxlog with filter to ingest windows security audit logs, only sending specific events not all, i have default buffer set.
I can see more of bad password, account lockout events on server however the number doesn’t tally between server and graylog. Filter works but graylog isn’t showing all logs.
I don’t see any reference to nxlog dropping events in nxlog.log. The server which is sending the logs and graylog server has sufficient resources and no performance issues.
Is there a way to ascertain if nxlog is dropping events or graylog is dropping events?