Marius, I changed the config in nxlog as you said, and I stopped sidecar and started nxlog.

2016-05-24 18:57:09 INFO nxlog-ce-2.9.1504 started
2016-05-24 18:57:09 INFO connecting to 52.207.254.128:12201
2016-05-24 18:57:15 ERROR Service is already running
2016-05-24 18:57:20 ERROR Service is already running

Still I have not received any logs. Can you please ask some questions as a cross-check so that I can correct my mistake? Please, sorry again.

On Tuesday, 24 May 2016 18:47:18 UTC+5:30, Marius Sturm wrote:
>
> With Graylog it's easier to use Gelf instead of syslog. Replace the syslog
> extension block with:
>
> <Extension gelf>
>     Module xm_gelf
> </Extension>
>
> and replace the output block with:
>
> <Output out>
>     Module om_tcp
>     Host 52.207.254.128
>     Port 12201
>     OutputType GELF_TCP
> </Output>
>
> On 24 May 2016 at 15:09, rvb n <[email protected]> wrote:
>
>> This is my nxlog config
>>
>> ## This is a sample configuration file. See the nxlog reference manual about the
>> ## configuration options. It should be installed locally and is also available
>> ## online at http://nxlog.org/docs/
>>
>> ## Please set the ROOT to the folder your nxlog was installed into,
>> ## otherwise it will not start.
>>
>> #define ROOT C:\Program Files\nxlog
>> define ROOT C:\Program Files (x86)\nxlog
>>
>> Moduledir %ROOT%\modules
>> CacheDir %ROOT%\data
>> Pidfile %ROOT%\data\nxlog.pid
>> SpoolDir %ROOT%\data
>> LogFile %ROOT%\data\nxlog.log
>>
>> <Extension _syslog>
>>     Module xm_syslog
>> </Extension>
>>
>> <Input in>
>>     Module im_msvistalog
>>     # For windows 2003 and earlier use the following:
>>     # Module im_mseventlog
>> </Input>
>>
>> <Output out>
>>     Module om_tcp
>>     Host 52.207.254.128
>>     Port 12201
>>     # Exec to_syslog_snare();
>> </Output>
>>
>> <Route 1>
>>     Path in => out
>> </Route>
>>
>> On Tuesday, 24 May 2016 18:23:16 UTC+5:30, Marius Sturm wrote:
>>>
>>> In this scenario I would start with nxlog only. You don't necessarily need
>>> the sidecar for a first experiment. Just start nxlog with a proper
>>> configuration and see if you receive events in Graylog.
>>>
>>> On 24 May 2016 at 14:42, rvb n <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I know I am disturbing you, but I have no option, sorry. I am very new to
>>>> Graylog, so please help me. As you said, I have changed the config in nxlog;
>>>> after that I am getting this error.
>>>>
>>>> 016-05-24 18:07:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>> 2016-05-24 18:07:20 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>> 2016-05-24 18:07:36 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>> 2016-05-24 18:08:08 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>> 2016-05-24 18:09:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>
>>>> On Tuesday, 24 May 2016 17:43:15 UTC+5:30, Marius Sturm wrote:
>>>>>
>>>>> Hi,
>>>>> you have to start an input on the Graylog AMI by going to System ->
>>>>> Inputs. You can take a Gelf-TCP input for example. And then configure
>>>>> nxlog to send to the AMI IP like:
>>>>>
>>>>> <Output out>
>>>>>     Module om_tcp
>>>>>     Host 52.207.254.128
>>>>>     Port 12201
>>>>>     OutputType GELF_TCP
>>>>> </Output>
>>>>>
>>>>> Make sure that the port 12201 is open from your local machine by
>>>>> setting the security group right in EC2.
>>>>>
>>>>> On 24 May 2016 at 13:39, rvb n <[email protected]> wrote:
>>>>>
>>>>>> *This is my collector-sidecar config*
>>>>>>
>>>>>> server_url: http://52.207.254.128:12900
>>>>>> node_id: graylog-collector-sidecar
>>>>>> collector_id: file:C:\Program Files (x86)\graylog\collector-sidecar\collector-id
>>>>>> tags: windows
>>>>>> log_path: C:\Program Files (x86)\graylog\collector-sidecar
>>>>>> update_interval: 10
>>>>>> backends:
>>>>>>     - name: nxlog
>>>>>>       enabled: true
>>>>>>       binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
>>>>>>       configuration_path: C:\Program Files (x86)\graylog\collector-sidecar\generated\nxlog.conf
>>>>>>
>>>>>> *This is my nxlog.conf*
>>>>>>
>>>>>> ## This is a sample configuration file. See the nxlog reference manual about the
>>>>>> ## configuration options. It should be installed locally and is also available
>>>>>> ## online at http://nxlog.org/docs/
>>>>>>
>>>>>> ## Please set the ROOT to the folder your nxlog was installed into,
>>>>>> ## otherwise it will not start.
>>>>>>
>>>>>> #define ROOT C:\Program Files\nxlog
>>>>>> define ROOT C:\Program Files (x86)\nxlog
>>>>>>
>>>>>> Moduledir %ROOT%\modules
>>>>>> CacheDir %ROOT%\data
>>>>>> Pidfile %ROOT%\data\nxlog.pid
>>>>>> SpoolDir %ROOT%\data
>>>>>> LogFile %ROOT%\data\nxlog.log
>>>>>>
>>>>>> <Extension _syslog>
>>>>>>     Module xm_syslog
>>>>>> </Extension>
>>>>>>
>>>>>> <Input in>
>>>>>>     Module im_msvistalog
>>>>>>     # For windows 2003 and earlier use the following:
>>>>>>     # Module im_mseventlog
>>>>>> </Input>
>>>>>>
>>>>>> <Output out>
>>>>>>     Module om_tcp
>>>>>>     Host 192.168.1.102
>>>>>>     Port 514
>>>>>>     Exec to_syslog_snare();
>>>>>> </Output>
>>>>>>
>>>>>> <Route 1>
>>>>>>     Path in => out
>>>>>> </Route>
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "Graylog Users" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to [email protected].
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com
>>>>>> <https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>> --
>>>>> Developer
>>>>>
>>>>> Tel.: +49 (0)40 609 452 077
>>>>> Fax.: +49 (0)40 609 452 078
>>>>>
>>>>> TORCH GmbH - A Graylog Company
>>>>> Poolstraße 21
>>>>> 20335 Hamburg
>>>>> Germany
>>>>>
>>>>> https://www.graylog.com <https://www.torch.sh/>
>>>>>
>>>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>>>> Managing Director: Lennart Koopmann (CEO)
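A cross-check for the setup discussed in this thread, added here as an example and not part of any poster's message or of Graylog's or nxlog's own code: it sends one hand-built GELF message to the GELF TCP input, so an unreachable port can be told apart from a missing input before nxlog is involved. The function names and the file name are hypothetical, and the input is assumed to use the default null-byte frame delimiter.

```python
import json
import socket
import sys
import time


def build_gelf_frame(short_message, host, **extra):
    """Build one GELF 1.1 message framed for a GELF TCP input."""
    payload = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": round(time.time(), 3),
        "level": 6,  # syslog severity "informational"
    }
    # GELF additional fields must carry a leading underscore.
    payload.update({f"_{key}": value for key, value in extra.items()})
    # GELF over TCP is uncompressed JSON; a NUL byte ends each message.
    return json.dumps(payload).encode("utf-8") + b"\x00"


def send_test_message(server, port=12201, timeout=5.0):
    """Send one test frame; return (ok, detail) instead of raising."""
    frame = build_gelf_frame("nxlog connectivity test",
                             socket.gethostname(), sent_by="gelf_check")
    try:
        with socket.create_connection((server, port), timeout=timeout) as sock:
            sock.sendall(frame)
    except socket.timeout:
        # No answer at all: traffic is dropped on the way, which is what a
        # missing EC2 security group rule for the port looks like.
        return False, "timed out: port filtered, check the security group"
    except ConnectionRefusedError:
        # Host answered with a reset: nothing is listening on that port.
        return False, "refused: nothing listening, is the input started?"
    except OSError as exc:
        return False, f"network error: {exc}"
    return True, f"sent {len(frame)} bytes, now search for the message"


if __name__ == "__main__":
    # Usage (hypothetical file name): python gelf_check.py <graylog-host> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 12201
    ok, detail = send_test_message(sys.argv[1], target_port)
    print("OK" if ok else "FAILED", "-", detail)
    sys.exit(0 if ok else 1)
```

A successful send only proves the TCP path; the message still has to show up in a Graylog search to confirm that the input accepted it.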
