The result is an etl file, which cannot be read from the eventlog with im_msvistalog configuration from LPAgent. etl cannot be read with the im_msvistalog plugin of LPAgent.
I have read that there is an NXLOG EE plugin im_etw out there which should be able to handle this file type, but we do not have the NXLog Enterprise Subscription.
Is there any other option to collect the dns query logs from the server and import them into LogPoint?
Is there any best practice to handle Windows DNS server query logs (without using NXLOG EE)?
Kind regards Uwe
Hello,
Unfortunately, ETL files are actually not trivial to read, and neither LPAgent nor AgentX can. There were some preliminary investigations, and there is a feature request, but out of the box, we can only read the textual debug log files.
I believe nxlog is one of the few solutions that can process the ETL files (although I haven’t seen it in action) - the relevant module isn’t part of the nxlog license that we can provide, so it would most likely need a purchase through them.
Of course once nxlog processes the log file and sends it to us we can normalise it - we might already be able to do that and if not we could create it quickly.
Hi, I’m getting DNS in with the Nxlog agent from the DNS.log file just fine: configure the DNS server to create the log, and pull it off.
# Note that these two lines define constants only; the log file location
# is ultimately set by the `LogFile` directive (see below). The
# `MYLOGFILE` define is also used to rotate the log file automatically
# (see the `_fileop` block).
define LOGDIR %ROOT%\data
define MYLOGFILE %LOGDIR%\nxlog.log

# By default, `LogFile %MYLOGFILE%` is set in log4ensics.conf. This
# allows the log file location to be modified via NXLog Manager. If you
# are not using NXLog Manager, you can instead set `LogFile` below and
# disable the `include` line.
LogLevel INFO
LogFile %MYLOGFILE%
#include %CONFDIR%\log4ensics.conf

<Extension _syslog>
    Module xm_syslog
</Extension>

<Extension _json>
    Module xm_json
</Extension>

# This block rotates `%MYLOGFILE%` on a schedule. Note that if `LogFile`
# is changed in managed.conf via NXLog Manager, rotation of the new
# file should also be configured there.
<Extension _fileop>
    Module xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
        Every 1 hour
        <Exec>
            if ( file_exists('%MYLOGFILE%') and
                 (file_size('%MYLOGFILE%') >= 5M) )
            {
                file_cycle('%MYLOGFILE%', 8);
            }
        </Exec>
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        When @weekly
        Exec if file_exists('%MYLOGFILE%') file_cycle('%MYLOGFILE%', 8);
    </Schedule>
</Extension>
Thanks for describing that - I probably should have made it clearer in my original response that DNS debug log files work fine in our nxlog version (and indeed the Logpoint Agent and AgentX), it’s the Event Tracing ETL files that are problematic.
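The approach discussed in this thread (reading the textual DNS debug log instead of the ETL trace), sketched as an NXLog configuration. This is an added example, not part of any post above and not LogPoint's or NXLog's own configuration. The log file path, the collector host and port, the field names and the route name are assumptions to be replaced with local values.

```conf
# Added example. Path, host, port and field names are assumptions.
<Extension _json>
    # Omit this block if xm_json is already loaded, as in the config posted above
    Module  xm_json
</Extension>

<Input dns_debug>
    Module        im_file
    # Assumed location; use the file name set on the DNS server's
    # Debug Logging tab (DNS Manager, server Properties)
    File          'C:\Windows\System32\dns\dns.log'
    SavePos       TRUE
    ReadFromLast  TRUE
    <Exec>
        # Keep only PACKET lines; the file header, blank lines and
        # other context lines are dropped.
        if $raw_event =~ / PACKET\s+\S+\s+(UDP|TCP)\s+(Snd|Rcv)\s+(\S+)\s+.*\]\s+(\S+)\s+(\S+)\s*$/
        {
            $Protocol     = $1;
            $Direction    = $2;
            $RemoteIP     = $3;
            $QuestionType = $4;
            # Name stays in the log's length-prefixed form,
            # e.g. (3)www(7)example(3)com(0)
            $QuestionName = $5;
            $SourceName   = 'dns-debug';
            to_json();
        }
        else drop();
    </Exec>
</Input>

<Output logpoint>
    Module  om_tcp
    # Placeholder collector address and port
    Host    logpoint.example.com
    Port    514
</Output>

<Route dns_to_logpoint>
    Path    dns_debug => logpoint
</Route>
```

The regular expression deliberately anchors on the `PACKET` context and the closing `]` of the flags field rather than on the timestamp, because the date format at the start of each line follows the server's locale.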