• Support
  • Forums
  • Blogs

NXlog agent installed but no events show up in the console

tt

We have a 2 week demo of the UTM product configured, discovery and vuln scans all work, so is connecting to Google Apps. But event forward with NXlogs do not work. How do we trouble shoot this?

Share post:

Comments

  • Greetings @t,

    Well, considering you have enabled the Nxlog plugin on the asset, there are a few steps you should follow to troubleshoot this issue: 
    1) Follow the instructions on this site:
    2) If the problem persists, run tcpdump command in your CLI on port 514 and check if you are receiving data from the asset through syslog.
    3) Check the /var/log/alienvault/devices/<asset_ip>/<asset_ip>.log file to see if the NXlogs exist.

    If the device log file contains the nxlogs and the events still don't show in your SIEM, it would most probably be a parsing issue.

    Best Regards
    Lord Odin
Sign In or Register to comment.