Hi, correct, just set the same Graylog IP/port as NXLog target on all your Windows machines.
The Graylog input adds a "source" field to each message so you can see from which machine the event came from. To filter the messages from your input, have a look at the documentation of streams <http://docs.graylog.org/en/2.0/pages/streams.html> - just setup e.g. one stream per Windows machine and use the source field as filter criteria, so you can view log events per machine. Best regards, tokred On Friday, May 13, 2016 at 4:28:27 PM UTC+2, Arief Hydayat wrote: > > Hi Tokred, > > Thanks a lot for your reply. I'm not that familiar with the client-server > communication but I'm understand from your explanation on: > "No need to have a 1-to-1 relationship, i.e. you do not need a separate > input per client. Just reuse a single Graylog input by configuring the same > connection details on each Windows machine." So I just need to config same > thing in the NXLog file in Windows right? > > Waiting for messages from an arbitrary number of clients mean like > Many-to-1? > In these case will be a lot of message coming in, Can I filter all those > messages? So that I know where the source of those message coming from > > > On Fri, May 13, 2016 at 7:27 PM, <[email protected] <javascript:>> wrote: > >> Maybe a misunderstanding from my side, but are you familiar with >> client-server communication? A Graylog input acts as network service >> (=server role) waiting for messages from an arbitrary number of clients. No >> need to have a 1-to-1 relationship, i.e. you do not need a separate input >> per client. Just reuse a single Graylog input by configuring the same >> connection details on each Windows machine. >> >> Best regards, tokred >> >> >> On Friday, May 13, 2016 at 11:26:29 AM UTC+2, Arief Hydayat wrote: >>> >>> Dear Jochen, >>> >>> Thanks for your reply. The bind address there mean the IP of our Graylog >>> server IP? If I do so it will give the "Error starting this input: address >>> already in use" >>> >>> Is there any other way instead of changing the listening port? Because >>> maybe more client will be added. :-) >>> >>> On Friday, May 13, 2016 at 3:42:24 PM UTC+8, Jochen Schalanda wrote: >>>> >>>> Hi Arief, >>>> >>>> you have to provide a specific bind address for the input named >>>> "FNIT-WIN-WEB01" and not the wildcard address 0.0.0.0. >>>> >>>> Alternatively, you can simply change the listening port of one of those >>>> inputs. >>>> >>>> Cheers, >>>> Jochen >>>> >>>> On Friday, 13 May 2016 04:17:46 UTC+2, Arief Hydayat wrote: >>>>> >>>>> >>>>> <https://lh3.googleusercontent.com/-llvbD8PXEwQ/VzU5KcGEIiI/AAAAAAAAANM/uSsAui3a2HgbcWa7Uo0zn8na9rW_vPeowCLcB/s1600/both_inputs.PNG> >>>>> Hi Graylog guru, >>>>> >>>>> I'm new to Graylog. Just trying to deploy the OVA appliance in VMWare. >>>>> The one I deploy is *graylog-2.0.0-2.ova*. >>>>> So far working fine. No more Graylog web interface is disconnected >>>>> issue. I try to receive the message from Windows server client, so I >>>>> install the NXLog into Windows servers and config the IP of the Graylog >>>>> server in the NXLog.conf file, thru UDP and port 541. There 2 Windows >>>>> server only, will be add few more later. >>>>> >>>>> On the Graylog web inteface side, I went to *Systems --> Inputs*, and* >>>>> Launch new input* (Syslog UDP) to start receive the input. I've >>>>> created 2 inputs but only 1 is currently running. Another 1 is faild to >>>>> start. Maybe this is the basic question... >>>>> >>>>> 1. How to setup these inputs so that I could receive the message from >>>>> those both Windows server? How to add more? >>>>> 2. In the Launch new input, on the *bind_address*. Should I leave it >>>>> default or should I put the Graylog server IP? >>>>> >>>>> Thanks you for your support. I'll wait for next feedback >>>>> >>>> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Graylog Users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/graylog2/X0074TElBmA/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/graylog2/eca13f9f-55c9-4e42-a0cb-613094580388%40googlegroups.com >> >> <https://groups.google.com/d/msgid/graylog2/eca13f9f-55c9-4e42-a0cb-613094580388%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/074f47ee-d845-44e8-9ea4-ed68ea98bcca%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
