With Graylog it's easier to use GELF instead of syslog. Replace the syslog
extension block with:

<Extension gelf>
Module xm_gelf
</Extension>

and replace the output block with:

<Output out>
Module om_tcp
Host 52.207.254.128
Port 12201
OutputType GELF_TCP
</Output>

On 24 May 2016 at 15:09, rvb n <[email protected]> wrote:
> This is my nxlog config
>
> ## This is a sample configuration file. See the nxlog reference manual about the
> ## configuration options. It should be installed locally and is also available
> ## online at http://nxlog.org/docs/
>
> ## Please set the ROOT to the folder your nxlog was installed into,
> ## otherwise it will not start.
>
> #define ROOT C:\Program Files\nxlog
> define ROOT C:\Program Files (x86)\nxlog
>
> Moduledir %ROOT%\modules
> CacheDir %ROOT%\data
> Pidfile %ROOT%\data\nxlog.pid
> SpoolDir %ROOT%\data
> LogFile %ROOT%\data\nxlog.log
>
> <Extension _syslog>
> Module xm_syslog
> </Extension>
>
> <Input in>
> Module im_msvistalog
> # For windows 2003 and earlier use the following:
> # Module im_mseventlog
> </Input>
>
> <Output out>
> Module om_tcp
> Host 52.207.254.128
> Port 12201
> # Exec to_syslog_snare();
> </Output>
>
> <Route 1>
> Path in => out
> </Route>
>
>
> On Tuesday, 24 May 2016 18:23:16 UTC+5:30, Marius Sturm wrote:
>>
>> In this scenario I would start with nxlog only. You don't necessarily need
>> the sidecar for a first experiment. Just start nxlog with a proper
>> configuration and see if you receive events in Graylog.
>>
>> On 24 May 2016 at 14:42, rvb n <[email protected]> wrote:
>>
>>> Hi
>>>
>>> I know I am disturbing you, but I have no option, sorry; I am very new to
>>> Graylog, so please help me. As you said, I have changed the config in nxlog,
>>> and after that I am getting this error.
>>>
>>> 2016-05-24 18:07:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>> 2016-05-24 18:07:20 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>> 2016-05-24 18:07:36 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>> 2016-05-24 18:08:08 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>> 2016-05-24 18:09:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>
>>>
>>> On Tuesday, 24 May 2016 17:43:15 UTC+5:30, Marius Sturm wrote:
>>>>
>>>> Hi,
>>>> you have to start an input on the Graylog AMI by going to System ->
>>>> Inputs. You can take a Gelf-TCP input for example. And then configure nxlog
>>>> to send to the AMI IP like:
>>>>
>>>> <Output out>
>>>> Module om_tcp
>>>> Host 52.207.254.128
>>>> Port 12201
>>>> OutputType GELF_TCP
>>>> </Output>
>>>>
>>>> Make sure that the port 12201 is open from your local machine by
>>>> setting the security group right in EC2.
>>>>
>>>> On 24 May 2016 at 13:39, rvb n <[email protected]> wrote:
>>>>
>>>>>
>>>>>
>>>>> *This is my collector-sidecar config*
>>>>>
>>>>> server_url: http://52.207.254.128:12900
>>>>> node_id: graylog-collector-sidecar
>>>>> collector_id: file:C:\Program Files (x86)\graylog\collector-sidecar\collector-id
>>>>> tags: windows
>>>>> log_path: C:\Program Files (x86)\graylog\collector-sidecar
>>>>> update_interval: 10
>>>>> backends:
>>>>>     - name: nxlog
>>>>>       enabled: true
>>>>>       binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
>>>>>       configuration_path: C:\Program Files (x86)\graylog\collector-sidecar\generated\nxlog.conf
>>>>>
>>>>> *This is my nxlog.conf*
>>>>>
>>>>> ## This is a sample configuration file. See the nxlog reference manual about the
>>>>> ## configuration options. It should be installed locally and is also available
>>>>> ## online at http://nxlog.org/docs/
>>>>>
>>>>> ## Please set the ROOT to the folder your nxlog was installed into,
>>>>> ## otherwise it will not start.
>>>>>
>>>>> #define ROOT C:\Program Files\nxlog
>>>>> define ROOT C:\Program Files (x86)\nxlog
>>>>>
>>>>> Moduledir %ROOT%\modules
>>>>> CacheDir %ROOT%\data
>>>>> Pidfile %ROOT%\data\nxlog.pid
>>>>> SpoolDir %ROOT%\data
>>>>> LogFile %ROOT%\data\nxlog.log
>>>>>
>>>>> <Extension _syslog>
>>>>> Module xm_syslog
>>>>> </Extension>
>>>>>
>>>>> <Input in>
>>>>> Module im_msvistalog
>>>>> # For windows 2003 and earlier use the following:
>>>>> # Module im_mseventlog
>>>>> </Input>
>>>>>
>>>>> <Output out>
>>>>> Module om_tcp
>>>>> Host 192.168.1.102
>>>>> Port 514
>>>>> Exec to_syslog_snare();
>>>>> </Output>
>>>>>
>>>>> <Route 1>
>>>>> Path in => out
>>>>> </Route>
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Graylog Users" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com
>>>>> <https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Developer
>>>>
>>>> Tel.: +49 (0)40 609 452 077
>>>> Fax.: +49 (0)40 609 452 078
>>>>
>>>> TORCH GmbH - A Graylog Company
>>>> Poolstraße 21
>>>> 20335 Hamburg
>>>> Germany
>>>>
>>>> https://www.graylog.com <https://www.torch.sh/>
>>>>
>>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>>> Geschäftsführer: Lennart Koopmann (CEO)
>>>>
>>>
>>
>>
>>
>>
>
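The advice in this thread comes down to three things: open a GELF TCP input on the Graylog AMI, point nxlog's om_tcp output at it with OutputType GELF_TCP, and make sure the EC2 security group allows TCP/12201 from the sending machine. The script below is an added example written for this page; it is not code from any poster in the thread, nor from the Graylog or nxlog projects. It shows what a single GELF_TCP frame looks like on the wire (one GELF 1.1 JSON object terminated by a NUL byte, which is what xm_gelf produces for om_tcp), splits a received stream back into messages, and reports whether a TCP connection to the input can be made at all, which is the quickest way to tell a closed security group from a misconfigured nxlog. It uses only the Python 3 standard library; the host and port default to the values quoted in the thread, the hostname and field values are constructed sample data, and the loopback receiver stands in for the Graylog input so the example runs offline.

```python
"""Build, send and decode GELF_TCP frames to verify a Graylog input.

Added example for this thread, not part of the original messages. The
Graylog host/port defaults come from the thread; the loopback receiver
below is only a stand-in for the real GELF TCP input so the code can be
exercised without network access.
"""
import json
import socket
import threading
import time

# GELF over TCP carries one JSON document per message, ended by a NUL byte.
GELF_DELIMITER = b"\x00"


def build_gelf_message(host, short_message, level=6, timestamp=None, **extra):
    """Return a GELF 1.1 dict. Additional fields are prefixed with '_'."""
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": time.time() if timestamp is None else timestamp,
        "level": level,  # syslog severity: 6 = informational
    }
    for key, value in extra.items():
        if key.lstrip("_") == "id":
            raise ValueError("'_id' is reserved by Graylog and must not be sent")
        msg["_" + key.lstrip("_")] = value
    return msg


def frame_gelf_tcp(msg):
    """Serialize a GELF dict into one NUL-terminated GELF_TCP frame."""
    payload = json.dumps(msg, separators=(",", ":")).encode("utf-8")
    if GELF_DELIMITER in payload:
        raise ValueError("NUL byte inside payload would break TCP framing")
    return payload + GELF_DELIMITER


def split_gelf_tcp_frames(data):
    """Split a received byte stream into decoded GELF dicts.

    Returns (messages, remainder); remainder is an incomplete trailing frame
    that must be kept until more bytes arrive.
    """
    parts = data.split(GELF_DELIMITER)
    remainder = parts.pop()  # bytes after the last NUL, possibly empty
    messages = [json.loads(p.decode("utf-8")) for p in parts if p]
    return messages, remainder


def send_gelf_tcp(frame, host="52.207.254.128", port=12201, timeout=5.0):
    """Deliver one frame; return True on success, False if unreachable.

    A timeout or refused connection here usually means the security group
    (or a local firewall) does not allow TCP/12201, not an nxlog problem.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(frame)
        return True
    except OSError:
        return False


def receive_one_frame_locally(frame):
    """Loopback round trip through a tiny GELF_TCP receiver (stand-in input).

    Returns (delivered, decoded_messages) so the framing can be checked.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # ephemeral port, nothing external
    server.listen(1)
    port = server.getsockname()[1]
    received = bytearray()

    def accept():
        conn, _ = server.accept()
        with conn:
            while True:
                chunk = conn.recv(4096)
                if not chunk:  # sender closed: frame is complete
                    break
                received.extend(chunk)

    worker = threading.Thread(target=accept)
    worker.start()
    delivered = send_gelf_tcp(frame, host="127.0.0.1", port=port)
    worker.join(timeout=5)
    server.close()
    messages, _ = split_gelf_tcp_frames(bytes(received))
    return delivered, messages


if __name__ == "__main__":
    # Constructed sample event, mimicking what xm_gelf would emit for nxlog.
    sample = build_gelf_message("win-host-01", "nxlog GELF_TCP test", source="example")
    print("loopback delivery:", receive_one_frame_locally(frame_gelf_tcp(sample)))
```

To probe the real input, call send_gelf_tcp(frame_gelf_tcp(sample)) with the AMI address; a True result followed by the event appearing under the GELF TCP input in Graylog confirms both the security group and the input, and a False result narrows the problem to the network path before touching nxlog.conf again.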