NXlog is telling you already what the problem is:

ERROR Service is already running

There is another nxlog instance running, stop that process before starting a new one.

On 24 May 2016 at 15:41, rvb n <[email protected]> wrote:

> Marius,
>
> I changed config as you said in nxlog and i stopped sidecar and i started
> nxlog
>
> 2016-05-24 18:57:09 INFO nxlog-ce-2.9.1504 started
> 2016-05-24 18:57:09 INFO connecting to 52.207.254.128:12201
> 2016-05-24 18:57:15 ERROR Service is already running
> 2016-05-24 18:57:20 ERROR Service is already running
>
> still i have not received any log. can you please ask some question like
> cross check so that can correct my mistake. pls sorry again
>
> On Tuesday, 24 May 2016 18:47:18 UTC+5:30, Marius Sturm wrote:
>>
>> With Graylog it's easier to use Gelf instead of syslog. Replace the
>> syslog extension block with:
>>
>> <Extension gelf>
>>     Module xm_gelf
>> </Extension>
>>
>> and replace the output block with:
>>
>> <Output out>
>>     Module om_tcp
>>     Host 52.207.254.128
>>     Port 12201
>>     OutputType GELF_TCP
>> </Output>
>>
>>
>> On 24 May 2016 at 15:09, rvb n <[email protected]> wrote:
>>
>>> This is my nxlog config
>>>
>>> ## This is a sample configuration file. See the nxlog reference manual about the
>>> ## configuration options. It should be installed locally and is also available
>>> ## online at http://nxlog.org/docs/
>>>
>>> ## Please set the ROOT to the folder your nxlog was installed into,
>>> ## otherwise it will not start.
>>>
>>> #define ROOT C:\Program Files\nxlog
>>> define ROOT C:\Program Files (x86)\nxlog
>>>
>>> Moduledir %ROOT%\modules
>>> CacheDir %ROOT%\data
>>> Pidfile %ROOT%\data\nxlog.pid
>>> SpoolDir %ROOT%\data
>>> LogFile %ROOT%\data\nxlog.log
>>>
>>> <Extension _syslog>
>>>     Module xm_syslog
>>> </Extension>
>>>
>>> <Input in>
>>>     Module im_msvistalog
>>> # For windows 2003 and earlier use the following:
>>> #   Module im_mseventlog
>>> </Input>
>>>
>>> <Output out>
>>>     Module om_tcp
>>>     Host 52.207.254.128
>>>     Port 12201
>>> #   Exec to_syslog_snare();
>>> </Output>
>>>
>>> <Route 1>
>>>     Path in => out
>>> </Route>
>>>
>>>
>>> On Tuesday, 24 May 2016 18:23:16 UTC+5:30, Marius Sturm wrote:
>>>>
>>>> In this scenario I would start with nxlog only. You don't need necessarily
>>>> the sidecar for a first experiment. Just start nxlog with a proper
>>>> configuration and see if you receive events in Graylog.
>>>>
>>>> On 24 May 2016 at 14:42, rvb n <[email protected]> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> I know am disturbing you , but i have no option sorry, i am very new
>>>>> to graylog so pls help me. as you said i have changed config in nxlog after
>>>>> that am getting this error.
>>>>>
>>>>> 016-05-24 18:07:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>> 2016-05-24 18:07:20 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>> 2016-05-24 18:07:36 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>> 2016-05-24 18:08:08 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>> 2016-05-24 18:09:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>>
>>>>>
>>>>> On Tuesday, 24 May 2016 17:43:15 UTC+5:30, Marius Sturm wrote:
>>>>>>
>>>>>> Hi,
>>>>>> you have to start an input on the Graylog AMI by going to System ->
>>>>>> Inputs.
>>>>>> You can take a Gelf-TCP input for example. And then configure nxlog
>>>>>> to send to the AMI IP like:
>>>>>>
>>>>>> <Output out>
>>>>>>     Module om_tcp
>>>>>>     Host 52.207.254.128
>>>>>>     Port 12201
>>>>>>     OutputType GELF_TCP
>>>>>> </Output>
>>>>>>
>>>>>> Make sure that the port 12201 is open from your local machine by
>>>>>> setting the security group right in EC2.
>>>>>>
>>>>>> On 24 May 2016 at 13:39, rvb n <[email protected]> wrote:
>>>>>>
>>>>>>> *This is my collector -sidecar config*
>>>>>>>
>>>>>>> server_url: http://52.207.254.128:12900
>>>>>>> node_id: graylog-collector-sidecar
>>>>>>> collector_id: file:C:\Program Files (x86)\graylog\collector-sidecar\collector-id
>>>>>>> tags: windows
>>>>>>> log_path: C:\Program Files (x86)\graylog\collector-sidecar
>>>>>>> update_interval: 10
>>>>>>> backends:
>>>>>>>     - name: nxlog
>>>>>>>       enabled: true
>>>>>>>       binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
>>>>>>>       configuration_path: C:\Program Files (x86)\graylog\collector-sidecar\generated\nxlog.conf
>>>>>>>
>>>>>>> *This is my nxlog.conf*
>>>>>>>
>>>>>>> ## This is a sample configuration file. See the nxlog reference manual about the
>>>>>>> ## configuration options. It should be installed locally and is also available
>>>>>>> ## online at http://nxlog.org/docs/
>>>>>>>
>>>>>>> ## Please set the ROOT to the folder your nxlog was installed into,
>>>>>>> ## otherwise it will not start.
>>>>>>>
>>>>>>> #define ROOT C:\Program Files\nxlog
>>>>>>> define ROOT C:\Program Files (x86)\nxlog
>>>>>>>
>>>>>>> Moduledir %ROOT%\modules
>>>>>>> CacheDir %ROOT%\data
>>>>>>> Pidfile %ROOT%\data\nxlog.pid
>>>>>>> SpoolDir %ROOT%\data
>>>>>>> LogFile %ROOT%\data\nxlog.log
>>>>>>>
>>>>>>> <Extension _syslog>
>>>>>>>     Module xm_syslog
>>>>>>> </Extension>
>>>>>>>
>>>>>>> <Input in>
>>>>>>>     Module im_msvistalog
>>>>>>> # For windows 2003 and earlier use the following:
>>>>>>> #   Module im_mseventlog
>>>>>>> </Input>
>>>>>>>
>>>>>>> <Output out>
>>>>>>>     Module om_tcp
>>>>>>>     Host 192.168.1.102
>>>>>>>     Port 514
>>>>>>>     Exec to_syslog_snare();
>>>>>>> </Output>
>>>>>>>
>>>>>>> <Route 1>
>>>>>>>     Path in => out
>>>>>>> </Route>
>>>>>>>
>>>>>>> --
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "Graylog Users" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to [email protected].
>>>>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com
>>>>>>> <https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Developer
>>>>>>
>>>>>> Tel.: +49 (0)40 609 452 077
>>>>>> Fax.: +49 (0)40 609 452 078
>>>>>>
>>>>>> TORCH GmbH - A Graylog Company
>>>>>> Poolstraße 21
>>>>>> 20335 Hamburg
>>>>>> Germany
>>>>>>
>>>>>> https://www.graylog.com <https://www.torch.sh/>
>>>>>>
>>>>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>>>>> Geschäftsführer: Lennart Koopmann (CEO)
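
Added example, not part of the thread and not Graylog or NXLog project code: a Python probe that sends one hand-built GELF 1.1 message to the Gelf-TCP input on port 12201 discussed above, so the input and the EC2 security group can be checked without nxlog in the path. The function names, the sample `probe` field and the reading of a timeout versus a refused connection are assumptions of this example.

```python
import json
import re
import socket
import sys
import time

FIELD_NAME = re.compile(r"^[\w.\-]+$")  # characters GELF allows in additional field names


def build_gelf_frame(host, short_message, level=6, **extra):
    """Build one GELF 1.1 message framed for a GELF TCP input: JSON plus a NUL byte."""
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": round(time.time(), 3), "level": level}
    for key, value in extra.items():
        if key == "id" or not FIELD_NAME.match(key):  # "_id" is reserved by GELF
            raise ValueError(f"invalid additional field name: {key!r}")
        msg["_" + key] = value  # additional fields carry a leading underscore
    return json.dumps(msg).encode("utf-8") + b"\x00"


def send_gelf_tcp(server, port, frame, timeout=5.0):
    """Send one frame. Returns (True, "sent") or (False, reason)."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as sock:
            sock.sendall(frame)
        return True, "sent"
    except socket.timeout:
        # Packets silently dropped: typical of a firewall or security group rule.
        return False, "timeout: no answer, check firewall / security group for this port"
    except ConnectionRefusedError:
        # Host answered but nothing listens: the input is not running on this port.
        return False, "refused: host reachable, no input listening on this port"
    except OSError as exc:
        return False, f"error: {exc}"


if __name__ == "__main__":
    # Usage: python gelf_probe.py <graylog-host> [port]; 12201 is the port used in the thread.
    server = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 12201
    frame = build_gelf_frame(socket.gethostname(), "GELF TCP connectivity test",
                             probe="manual")  # "probe" is a constructed sample field
    ok, reason = send_gelf_tcp(server, port, frame)
    print(("OK: " if ok else "FAILED: ") + reason)
    sys.exit(0 if ok else 1)
```

A successful send only proves the TCP path to the port; search Graylog for the short message text to confirm the input accepted it.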
