Unable to see logs on console


#1

After installing nxlog on a Windows machine to send logs to the DNIF server, the logs are received in /var/log/syslog.

However, the query '_fetch * from event where $DevSrcIP=192.168.1.2 AND $Duration=1d limit 100' shows no results, even after integrating the WindowsNXLog package from the repository.


#2

Hi @Jatin_Bajaj, are you sure the device has been configured properly to forward data to your DNIF instance? Have a look at the Integration guide: Microsoft Sysmon


#3

Hi Riccardo,
I have checked the configurations of Sysmon as well as nxlog and they are OK. The issue still persists. Please help me with a solution for this.


#4

Hi @Jatin_Bajaj - If I understand correctly, are you forwarding the data to the DNIF IP or into some folder on your machine? Are you sure the nxlog.conf file has been updated properly?
Please follow the steps as mentioned in the help guide: here

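The question in the reply above (DNIF IP versus a local folder) comes down to the Output block in nxlog.conf. The following is an added example, not configuration from the thread or from DNIF's own guide: a minimal nxlog.conf that reads the Sysmon channel with im_msvistalog and ships it as BSD syslog over UDP to the DNIF collector. The DNIF address 192.168.1.10 and port 514 are assumptions for illustration; the Windows host 192.168.1.2 is the one named in the original query.

```conf
# Assumed paths for a default 64-bit NXLog CE install on Windows
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# Needed for to_syslog_bsd() in the Output block
<Extension _syslog>
    Module xm_syslog
</Extension>

# Read only the Sysmon operational channel from the Windows Event Log
<Input sysmon>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Send to the DNIF collector, not to a local file.
# 192.168.1.10:514/udp is an assumed collector address; replace with yours.
<Output dnif>
    Module om_udp
    Host 192.168.1.10
    Port 514
    Exec to_syslog_bsd();
</Output>

# Wrong approach for this thread, kept commented for contrast:
# om_file writes to a folder on the Windows box and nothing reaches DNIF.
#<Output localfile>
#    Module om_file
#    File  "C:\\logs\\sysmon.log"
#</Output>

<Route sysmon_to_dnif>
    Path sysmon => dnif
</Route>
```

Two checks worth doing before re-running the query. First, on the DNIF host, confirm packets actually arrive from the Windows machine, for example with `sudo tcpdump -ni any udp port 514 and host 192.168.1.2`. Second, note that $DevSrcIP must match the IP DNIF sees the packets coming from: if a relay or collector sits in between, the source IP in the event is the relay's address, not 192.168.1.2, and the query above would correctly return nothing for that host.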