This is my nxlog config
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _syslog>
Module xm_syslog
</Extension>
<Input in>
Module im_msvistalog
# For windows 2003 and earlier use the following:
# Module im_mseventlog
</Input>
<Output out>
Module om_tcp
Host 52.207.254.128
Port 12201
# Exec to_syslog_snare();
</Output>
<Route 1>
Path in => out
</Route>
On Tuesday, 24 May 2016 18:23:16 UTC+5:30, Marius Sturm wrote:
>
> In this scenario I would start with nxlog only. You don't need necessarily
> the sidecar for a first experiment. Just start nxlog with a proper
> configuration and see if you receive events in Graylog.
>
> On 24 May 2016 at 14:42, rvb n <[email protected]> wrote:
>
>> Hi
>>
>> I know I am disturbing you, but I have no option, sorry. I am very new to
>> Graylog, so please help me. As you said, I have changed the config in nxlog;
>> after that I am getting this error.
>>
>> 016-05-24 18:07:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>> 2016-05-24 18:07:20 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>> 2016-05-24 18:07:36 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>> 2016-05-24 18:08:08 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>> 2016-05-24 18:09:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>
>>
>> On Tuesday, 24 May 2016 17:43:15 UTC+5:30, Marius Sturm wrote:
>>>
>>> Hi,
>>> you have to start an input on the Graylog AMI by going to System ->
>>> Inputs. You can take a Gelf-TCP input for example. And then configure nxlog
>>> to send to the AMI IP like:
>>>
>>> <Output out>
>>> Module om_tcp
>>> Host 52.207.254.128
>>> Port 12201
>>> OutputType GELF_TCP
>>> </Output>
>>>
>>> Make sure that the port 12201 is open from your local machine by setting
>>> the security group right in EC2.
>>>
>>> On 24 May 2016 at 13:39, rvb n <[email protected]> wrote:
>>>
>>>>
>>>>
>>>> *This is my collector-sidecar config*
>>>>
>>>> server_url: http://52.207.254.128:12900
>>>> node_id: graylog-collector-sidecar
>>>> collector_id: file:C:\Program Files (x86)\graylog\collector-sidecar\collector-id
>>>> tags: windows
>>>> log_path: C:\Program Files (x86)\graylog\collector-sidecar
>>>> update_interval: 10
>>>> backends:
>>>>     - name: nxlog
>>>>       enabled: true
>>>>       binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
>>>>       configuration_path: C:\Program Files (x86)\graylog\collector-sidecar\generated\nxlog.conf
>>>>
>>>> *This is my nxlog.conf*
>>>>
>>>> ## This is a sample configuration file. See the nxlog reference manual about the
>>>> ## configuration options. It should be installed locally and is also available
>>>> ## online at http://nxlog.org/docs/
>>>>
>>>> ## Please set the ROOT to the folder your nxlog was installed into,
>>>> ## otherwise it will not start.
>>>>
>>>> #define ROOT C:\Program Files\nxlog
>>>> define ROOT C:\Program Files (x86)\nxlog
>>>>
>>>> Moduledir %ROOT%\modules
>>>> CacheDir %ROOT%\data
>>>> Pidfile %ROOT%\data\nxlog.pid
>>>> SpoolDir %ROOT%\data
>>>> LogFile %ROOT%\data\nxlog.log
>>>>
>>>> <Extension _syslog>
>>>> Module xm_syslog
>>>> </Extension>
>>>>
>>>> <Input in>
>>>> Module im_msvistalog
>>>> # For windows 2003 and earlier use the following:
>>>> # Module im_mseventlog
>>>> </Input>
>>>>
>>>> <Output out>
>>>> Module om_tcp
>>>> Host 192.168.1.102
>>>> Port 514
>>>> Exec to_syslog_snare();
>>>> </Output>
>>>>
>>>> <Route 1>
>>>> Path in => out
>>>> </Route>
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Graylog Users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com
>>>>
>>>> <https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>>
>>>
>>> --
>>> Developer
>>>
>>> Tel.: +49 (0)40 609 452 077
>>> Fax.: +49 (0)40 609 452 078
>>>
>>> TORCH GmbH - A Graylog Company
>>> Poolstraße 21
>>> 20335 Hamburg
>>> Germany
>>>
>>> https://www.graylog.com <https://www.torch.sh/>
>>>
>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>> Geschäftsführer: Lennart Koopmann (CEO)
>>>
>
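
Added example (not part of the thread and not Graylog or nxlog code): a small Python check for the GELF TCP input on port 12201 discussed above. It builds one GELF 1.1 message with the null-byte framing a GELF TCP input expects and sends it; the function names, the test message text and the placeholder address 192.0.2.10 are assumptions made for this example.

```python
import json
import socket
import time

REQUIRED = {"version", "host", "short_message"}  # mandatory in GELF 1.1


def gelf_frame(short_message, host, **extra):
    """Build one GELF 1.1 message framed for a GELF TCP input:
    uncompressed JSON terminated by a single null byte."""
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": round(time.time(), 3), "level": 6}  # 6 = informational
    for key, value in extra.items():
        if key == "id":
            raise ValueError("_id is reserved in GELF")
        msg["_" + key] = value  # additional fields carry a leading underscore
    return json.dumps(msg).encode("utf-8") + b"\x00"


def is_gelf_frame(data):
    """True if data is exactly one null-terminated JSON object that has
    the required GELF fields; a syslog or raw event line is not."""
    if not data.endswith(b"\x00") or b"\x00" in data[:-1]:
        return False
    try:
        msg = json.loads(data[:-1].decode("utf-8"))
    except ValueError:  # covers bad UTF-8 and bad JSON
        return False
    return isinstance(msg, dict) and REQUIRED <= msg.keys()


def send_test_event(server, port=12201, timeout=5.0):
    """Send one test event to the GELF TCP input. Raises OSError when the
    port is unreachable (e.g. blocked by the EC2 security group)."""
    frame = gelf_frame("nxlog connectivity test", socket.gethostname(),
                       source_tool="gelf-check")
    with socket.create_connection((server, port), timeout=timeout) as conn:
        conn.sendall(frame)
    return frame


if __name__ == "__main__":
    # 192.0.2.10 is a placeholder address; use your Graylog input's IP.
    print(send_test_event("192.0.2.10"))
```

If the test event shows up in the Graylog search, the input and the port are working and any remaining problem is on the nxlog side.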