Hi Tokred, Thanks a lot for your help. Already setup those in Windows machine. I'm going to test it.
I see. OK let me have a look on the Stream docs first. Once again thanks a lot, Tokred :-) On Sat, May 14, 2016 at 5:34 PM, <[email protected]> wrote: > Hi, > > correct, just set the same Graylog IP/port as NXLog target on all your > Windows machines. > > The Graylog input adds a "source" field to each message so you can see > from which machine the event came from. To filter the messages from your > input, have a look at the documentation of streams > <http://docs.graylog.org/en/2.0/pages/streams.html> - just setup e.g. one > stream per Windows machine and use the source field as filter criteria, so > you can view log events per machine. > > Best regards, tokred > > > On Friday, May 13, 2016 at 4:28:27 PM UTC+2, Arief Hydayat wrote: >> >> Hi Tokred, >> >> Thanks a lot for your reply. I'm not that familiar with the client-server >> communication but I'm understand from your explanation on: >> "No need to have a 1-to-1 relationship, i.e. you do not need a separate >> input per client. Just reuse a single Graylog input by configuring the same >> connection details on each Windows machine." So I just need to config same >> thing in the NXLog file in Windows right? >> >> Waiting for messages from an arbitrary number of clients mean like >> Many-to-1? >> In these case will be a lot of message coming in, Can I filter all those >> messages? So that I know where the source of those message coming from >> >> >> On Fri, May 13, 2016 at 7:27 PM, <[email protected]> wrote: >> >>> Maybe a misunderstanding from my side, but are you familiar with >>> client-server communication? A Graylog input acts as network service >>> (=server role) waiting for messages from an arbitrary number of clients. No >>> need to have a 1-to-1 relationship, i.e. you do not need a separate input >>> per client. Just reuse a single Graylog input by configuring the same >>> connection details on each Windows machine. >>> >>> Best regards, tokred >>> >>> >>> On Friday, May 13, 2016 at 11:26:29 AM UTC+2, Arief Hydayat wrote: >>>> >>>> Dear Jochen, >>>> >>>> Thanks for your reply. The bind address there mean the IP of our >>>> Graylog server IP? If I do so it will give the "Error starting this input: >>>> address already in use" >>>> >>>> Is there any other way instead of changing the listening port? Because >>>> maybe more client will be added. :-) >>>> >>>> On Friday, May 13, 2016 at 3:42:24 PM UTC+8, Jochen Schalanda wrote: >>>>> >>>>> Hi Arief, >>>>> >>>>> you have to provide a specific bind address for the input named >>>>> "FNIT-WIN-WEB01" and not the wildcard address 0.0.0.0. >>>>> >>>>> Alternatively, you can simply change the listening port of one of >>>>> those inputs. >>>>> >>>>> Cheers, >>>>> Jochen >>>>> >>>>> On Friday, 13 May 2016 04:17:46 UTC+2, Arief Hydayat wrote: >>>>>> >>>>>> >>>>>> <https://lh3.googleusercontent.com/-llvbD8PXEwQ/VzU5KcGEIiI/AAAAAAAAANM/uSsAui3a2HgbcWa7Uo0zn8na9rW_vPeowCLcB/s1600/both_inputs.PNG> >>>>>> Hi Graylog guru, >>>>>> >>>>>> I'm new to Graylog. Just trying to deploy the OVA appliance in >>>>>> VMWare. The one I deploy is *graylog-2.0.0-2.ova*. >>>>>> So far working fine. No more Graylog web interface is disconnected >>>>>> issue. I try to receive the message from Windows server client, so I >>>>>> install the NXLog into Windows servers and config the IP of the Graylog >>>>>> server in the NXLog.conf file, thru UDP and port 541. There 2 Windows >>>>>> server only, will be add few more later. >>>>>> >>>>>> On the Graylog web inteface side, I went to *Systems --> Inputs*, and* >>>>>> Launch new input* (Syslog UDP) to start receive the input. I've >>>>>> created 2 inputs but only 1 is currently running. Another 1 is faild to >>>>>> start. Maybe this is the basic question... >>>>>> >>>>>> 1. How to setup these inputs so that I could receive the message from >>>>>> those both Windows server? How to add more? >>>>>> 2. In the Launch new input, on the *bind_address*. Should I leave it >>>>>> default or should I put the Graylog server IP? >>>>>> >>>>>> Thanks you for your support. I'll wait for next feedback >>>>>> >>>>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Graylog Users" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/graylog2/X0074TElBmA/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/graylog2/eca13f9f-55c9-4e42-a0cb-613094580388%40googlegroups.com >>> <https://groups.google.com/d/msgid/graylog2/eca13f9f-55c9-4e42-a0cb-613094580388%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to a topic in the > Google Groups "Graylog Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/graylog2/X0074TElBmA/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/074f47ee-d845-44e8-9ea4-ed68ea98bcca%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/074f47ee-d845-44e8-9ea4-ed68ea98bcca%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAHKvR%3DfRGST9YUgzMLfmxf-LEcq-Esf-ThE%2B%2Beg-dVjSfJ2ptA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
