Our log server was receiving logs for the last 21 days. I tried a lot of things but couldn't fix it, so finally I restarted the Nagios log and it somehow fixed the issue.
Now I can see new logs are coming in from Windows servers.
However, I am missing logs from 1st Dec to 21 Dec. I can still see these logs in the Windows event log. How can I forward these old logs to Nagios?
forward old logs from windows server to Nagios
Re: forward old logs from windows server to Nagios
Hi,
One option would be to export the Windows Event log data to a file and then add a Windows File source to pull that data in. In the Nagios Log Server Interface, go to Add Log Source > File Monitoring > Windows Files for instructions.
See:
How to Export Windows Event Logs
Let me know if you have any questions or need assistance.
Benjamin
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: forward old logs from windows server to Nagios
I exported logs from Windows Event Viewer. It created an .evtx file.
Then I modified the nxlog.conf file like below.
# Watch your own files
<Input file1>
Module im_file
File '%ROOT%\data\nxlog.log'
SavePos TRUE
Exec $Message = $raw_event;
</Input>
<Input file2>
Module im_file
File 'C:\Program Files (x86)\nxlog\data\Security_Logs.evtx'
SavePos TRUE
Exec $Message = $raw_event;
</Input>
.
.
.
<Route 1>
Path internal, file1, eventlog => out
Path internal, eventlog, Security_Logs => out
</Route>
Then I went to a dashboard to check if I have received logs, but they are not displayed in the graph and log table.
Have I added wrong entries in the nxlog.conf file?
Re: forward old logs from windows server to Nagios
Hi @nitin.patil,
Let's try to add the input names that were just created to the Path line at the bottom of the nxlog.conf, for example:
<Route 1>
Path internal, eventlog, file1, file2 => out
</Route>
Then open services.msc and restart the nxlog service and check the dashboard for results. The following guide has detailed steps on the setup process.
Configuring NXLog To Send Additional Log Files
Hope that helps and let us know if you get it working.
Benjamin
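A small check for the mismatch discussed in this thread, added here as an example and not code from the posters or from Nagios: it cross-references the names used in the Route's Path lines against the declared Input/Output blocks. The Module lines for internal, eventlog and out are constructed placeholders for the parts of the file the post elides.

```python
import re

# Constructed sample: the inputs and route from the thread, with the elided
# parts filled by placeholder blocks (assumptions, not the poster's real file).
BROKEN = r"""
<Input internal>
    Module im_internal
</Input>
<Input eventlog>
    Module im_msvistalog
</Input>
<Input file1>
    Module im_file
    File '%ROOT%\data\nxlog.log'
</Input>
<Input file2>
    Module im_file
    File 'C:\Program Files (x86)\nxlog\data\Security_Logs.evtx'
</Input>
<Output out>
    Module om_tcp
</Output>
<Route 1>
    Path internal, file1, eventlog => out
    Path internal, eventlog, Security_Logs => out
</Route>
"""
# Same file with the single Path line suggested in the reply.
FIXED = BROKEN.replace(
    "    Path internal, file1, eventlog => out\n"
    "    Path internal, eventlog, Security_Logs => out\n",
    "    Path internal, eventlog, file1, file2 => out\n")

def check_routes(conf):
    """Return (undefined, unrouted): names used in Path lines that no block
    declares, and declared inputs that no Path line mentions."""
    blocks = re.findall(r"(?im)^\s*<(Input|Output|Processor)\s+([^>\s]+)\s*>", conf)
    declared = {name for _, name in blocks}
    inputs = {name for kind, name in blocks if kind.lower() == "input"}
    used = set()
    for path in re.findall(r"(?im)^\s*Path\s+(.+)$", conf):
        for stage in path.split("=>"):
            used.update(n.strip() for n in stage.split(",") if n.strip())
    return sorted(used - declared), sorted(inputs - used)

if __name__ == "__main__":
    for label, conf in (("as posted", BROKEN), ("suggested route", FIXED)):
        undefined, unrouted = check_routes(conf)
        print(f"{label}: undefined={undefined} unrouted={unrouted}")
```

Running it against a copy of nxlog.conf before restarting the service shows whether every new input is actually wired into a route.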