Windows SMTP Nxlog configuration
Overview:
This guide describes how to ingest logs from the SMTP server.
Process:
Log in to the SMTP server:
- Use the nxlog configuration below to collect SMTP logs. Replace the entire content of nxlog.conf with this configuration, then set the CCE IP address and the log file path:
##################################################
## This is a sample configuration file. See the nxlog reference manual about the
## Configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
## Please set the ROOT to the folder your nxlog was installed into,
## Otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
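<Extension syslog>
    Module      xm_syslog
</Extension>

<Input SMTP_In>
    Module      im_file
    # SMTP service log files; change this path if the logs are written elsewhere
    File        "C:\\Windows\\System32\\LogFiles\\SMTPSVC1\\ex*.log"
    SavePos     TRUE
    # Drop lines starting with # (log file header lines)
    Exec        if $raw_event =~ /^#/ drop();
    Exec        $Message = $raw_event;
</Input>

<Output SMTP_Out>
    Module      om_udp
    # Replace CCE_IP_ADDRESS with the IP address of the CCE
    Host        CCE_IP_ADDRESS
    Port        514
    # Syslog facility 2 is "mail"; ms_smtp is sent as the source name
    Exec        $SyslogFacilityValue = 2;
    Exec        $SourceName = 'ms_smtp';
    Exec        to_syslog_bsd();
</Output>

<Route SMTP>
    Path        SMTP_In => SMTP_Out
</Route>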
Verification:
STEP 1: Log in to the UI >> SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.
STEP 3: >> Under SOURCE DEVICE IP, the IP will be reflected.
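If the source IP does not show up, the messages can be checked on a test host first. The script below is an added example, not part of Seceon's guide or tooling: it parses the BSD syslog datagrams that SMTP_Out sends and reports any mismatch with the facility (2) and source name (ms_smtp) set in the configuration above. It assumes Host in SMTP_Out is temporarily pointed at the test host; the sample message and host names in it are constructed.

```python
import re
import socket
import sys

# BSD syslog (RFC 3164) layout: <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MESSAGE
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s?(?P<msg>.*)$")

EXPECTED_FACILITY = 2      # $SyslogFacilityValue = 2 (mail) in SMTP_Out
EXPECTED_TAG = "ms_smtp"   # $SourceName in SMTP_Out

def parse_bsd_syslog(datagram: bytes) -> dict:
    """Split one BSD syslog datagram into fields; raise ValueError if malformed."""
    m = BSD_RE.match(datagram.decode("utf-8", errors="replace").rstrip("\r\n"))
    if m is None:
        raise ValueError("not a BSD syslog message")
    pri = int(m["pri"])    # PRI = facility * 8 + severity
    return {"facility": pri >> 3, "severity": pri & 7, "host": m["host"],
            "tag": m["tag"], "message": m["msg"]}

def check_smtp_event(datagram: bytes) -> list:
    """Return mismatches against the SMTP_Out settings (empty list = as expected)."""
    try:
        ev = parse_bsd_syslog(datagram)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if ev["facility"] != EXPECTED_FACILITY:
        problems.append(f"facility {ev['facility']} != {EXPECTED_FACILITY}")
    if ev["tag"] != EXPECTED_TAG:
        problems.append(f"tag {ev['tag']!r} != {EXPECTED_TAG!r}")
    if ev["message"].startswith("#"):
        problems.append("header line was not dropped by SMTP_In")
    return problems

# Constructed sample datagram (not captured from a real server); PRI 21 = 2*8 + 5.
SAMPLE = (b"<21>Jan 15 10:22:31 MAILSRV01 ms_smtp: 2024-01-15 10:22:31 "
          b"192.0.2.10 EHLO - +mail.example.test 250")

if __name__ == "__main__":
    # Binding to a port below 1024 usually needs administrator rights.
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 514
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, (src, _) = sock.recvfrom(65535)
        print(src, check_smtp_event(data) or "OK")
```

Restore Host to the CCE address once the messages check out, then repeat the verification steps above.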
Seceon Inc. All rights reserved. https://www.seceon.com