Hello All,
I’m using nxlog on my Windows Server 2022 to send security event logs to my graylog instance, which works totally fine itself with this nxlog config:
Sadly this didn’t work (I know there is a different IP in this config, I’m aware, it was just to test if it even creates the buffer logfile locally) and I get the following errors:
I did my research but didn’t find anything helping in my regard.
Is it better to use the “om_file” module or do I need to create another output for the buffer?
@Wine_Merchant
I now know why it didn’t work for me: BufferSize, or the Buffer module in general, is an Enterprise-only feature, while I’m using the Community Edition.
And since the older MaxSize parameter doesn’t exist anymore for om_file, I’m not able to limit the file’s size.
If you are sending Windows events you don’t really need a buffer; it keeps track of which events were sent, so the Windows event log is the buffer.
Also, don’t send over syslog; send output over GELF to a graylog GELF input and then you won’t need to parse the message because it will be sent as structured data.
@Joel_Duffield Thanks for the information. I thought I needed buffering, because when I restarted my graylog server yesterday I had a buffer where no logs were sent for about 10mins.
That could be a few things. It could actually be the syslog output just sending things blindly and not checking to make sure they are delivered; I’ve never seen that issue with the GELF output over TCP.
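
What the GELF-over-TCP setup suggested in this thread could look like in an NXLog Community Edition config, as an added example that is not taken from any poster's actual configuration. The host address is a placeholder, port 12201 assumes a Graylog GELF TCP input listening there, and the instance names (`gelf`, `eventlog`, `graylog`, `eventlog_to_graylog`) are arbitrary.

```apache
# Added example, not a config from this thread. Adjust Host/Port to your Graylog GELF TCP input.

# xm_gelf provides the GELF output formats used below.
<Extension gelf>
    Module      xm_gelf
</Extension>

# Read the Security channel from the Windows event log.
# SavePos stores the last read position, so after a restart nxlog
# continues from where it stopped instead of skipping or re-reading events.
<Input eventlog>
    Module      im_msvistalog
    Channel     Security
    SavePos     TRUE
    ReadFromLast TRUE
</Input>

# Send structured GELF over TCP instead of syslog.
# 192.0.2.10 is a documentation placeholder address (assumption).
<Output graylog>
    Module      om_tcp
    Host        192.0.2.10
    Port        12201
    OutputType  GELF_TCP
</Output>

<Route eventlog_to_graylog>
    Path        eventlog => graylog
</Route>
```

On the Graylog side this needs a GELF TCP input (not a syslog input) on the same port; the event fields then arrive as separate message fields without extractors.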