We are using Graylog2 v1.3.4 with Graylog Collector 0.4.1 to grab logs from 
our Windows machines. I have noticed an issue where some log entries are 
being replaced with the word "Empty" in the message field (all the other 
fields are correct). These are valid log entries which are not empty; 
valuable information is being lost.
 
I am looking to upgrade our collectors to NXLog as that seems to be the way 
things are headed. But in the meantime I am curious if anyone knows of this 
issue, or can spot a problem with my collector.conf which is posted below:

> server-url = "http://logs.MYSITE.com:12900/";
> inputs {
>   win-eventlog-application {
>     type = "windows-eventlog"
>     source-name = "Application"
>     poll-interval = "1s"
>   }
>   win-eventlog-system {
>     type = "windows-eventlog"
>     source-name = "System"
>     poll-interval = "1s"
>   }
>   win-eventlog-security {
>     type = "windows-eventlog"
>     source-name = "Security"
>     poll-interval = "1s"
>   }
> }
> outputs {
>   gelf-tcp {
>     type = "gelf"
>     host = "logs.MYSITE.com"
>     port = 12201
>   }
> }


Any suggestions are appreciated - why are valid Event Logs showing up in 
Graylog replaced with the word "Empty"?

 
