Now only one nxlog instance is running. No log received in GL.

On Tuesday, 24 May 2016 19:20:45 UTC+5:30, Marius Sturm wrote:
>
> NXlog is telling you already what the problem is: ERROR Service is already
> running
> There is another nxlog instance running, stop that process before starting
> a new one.
>
> On 24 May 2016 at 15:41, rvb n <[email protected]> wrote:
>
>> Marius,
>>
>> I changed config as you said in nxlog and I stopped sidecar and I started
>> nxlog
>>
>> 2016-05-24 18:57:09 INFO nxlog-ce-2.9.1504 started
>> 2016-05-24 18:57:09 INFO connecting to 52.207.254.128:12201
>> 2016-05-24 18:57:15 ERROR Service is already running
>> 2016-05-24 18:57:20 ERROR Service is already running
>>
>> Still I have not received any log. Can you please ask some question like
>> cross check so that I can correct my mistake. Pls sorry again
>>
>> On Tuesday, 24 May 2016 18:47:18 UTC+5:30, Marius Sturm wrote:
>>>
>>> With Graylog it's easier to use Gelf instead of syslog. Replace the
>>> syslog extension block with:
>>>
>>> <Extension gelf>
>>>     Module xm_gelf
>>> </Extension>
>>>
>>> and replace the output block with:
>>>
>>> <Output out>
>>>     Module om_tcp
>>>     Host 52.207.254.128
>>>     Port 12201
>>>     OutputType GELF_TCP
>>> </Output>
>>>
>>> On 24 May 2016 at 15:09, rvb n <[email protected]> wrote:
>>>
>>>> This is my nxlog config
>>>>
>>>> ## This is a sample configuration file. See the nxlog reference manual about the
>>>> ## configuration options. It should be installed locally and is also available
>>>> ## online at http://nxlog.org/docs/
>>>>
>>>> ## Please set the ROOT to the folder your nxlog was installed into,
>>>> ## otherwise it will not start.
>>>>
>>>> #define ROOT C:\Program Files\nxlog
>>>> define ROOT C:\Program Files (x86)\nxlog
>>>>
>>>> Moduledir %ROOT%\modules
>>>> CacheDir %ROOT%\data
>>>> Pidfile %ROOT%\data\nxlog.pid
>>>> SpoolDir %ROOT%\data
>>>> LogFile %ROOT%\data\nxlog.log
>>>>
>>>> <Extension _syslog>
>>>>     Module xm_syslog
>>>> </Extension>
>>>>
>>>> <Input in>
>>>>     Module im_msvistalog
>>>>     # For windows 2003 and earlier use the following:
>>>>     # Module im_mseventlog
>>>> </Input>
>>>>
>>>> <Output out>
>>>>     Module om_tcp
>>>>     Host 52.207.254.128
>>>>     Port 12201
>>>>     # Exec to_syslog_snare();
>>>> </Output>
>>>>
>>>> <Route 1>
>>>>     Path in => out
>>>> </Route>
>>>>
>>>> On Tuesday, 24 May 2016 18:23:16 UTC+5:30, Marius Sturm wrote:
>>>>>
>>>>> In this scenario I would start with nxlog only. You don't need necessarily
>>>>> the sidecar for a first experiment. Just start nxlog with a proper
>>>>> configuration and see if you receive events in Graylog.
>>>>>
>>>>> On 24 May 2016 at 14:42, rvb n <[email protected]> wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> I know I am disturbing you, but I have no option, sorry. I am very new
>>>>>> to Graylog so pls help me. As you said I have changed config in nxlog;
>>>>>> after that I am getting this error.
>>>>>>
>>>>>> 016-05-24 18:07:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>>> 2016-05-24 18:07:20 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>>> 2016-05-24 18:07:36 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>>> 2016-05-24 18:08:08 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>>> 2016-05-24 18:09:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>>>
>>>>>> On Tuesday, 24 May 2016 17:43:15 UTC+5:30, Marius Sturm wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>> you have to start an input on the Graylog AMI by going to System ->
>>>>>>> Inputs. You can take a Gelf-TCP input for example. And then configure
>>>>>>> nxlog to send to the AMI IP like:
>>>>>>>
>>>>>>> <Output out>
>>>>>>>     Module om_tcp
>>>>>>>     Host 52.207.254.128
>>>>>>>     Port 12201
>>>>>>>     OutputType GELF_TCP
>>>>>>> </Output>
>>>>>>>
>>>>>>> Make sure that the port 12201 is open from your local machine by
>>>>>>> setting the security group right in EC2.
>>>>>>>
>>>>>>> On 24 May 2016 at 13:39, rvb n <[email protected]> wrote:
>>>>>>>
>>>>>>>> *This is my collector-sidecar config*
>>>>>>>>
>>>>>>>> server_url: http://52.207.254.128:12900
>>>>>>>> node_id: graylog-collector-sidecar
>>>>>>>> collector_id: file:C:\Program Files (x86)\graylog\collector-sidecar\collector-id
>>>>>>>> tags: windows
>>>>>>>> log_path: C:\Program Files (x86)\graylog\collector-sidecar
>>>>>>>> update_interval: 10
>>>>>>>> backends:
>>>>>>>>     - name: nxlog
>>>>>>>>       enabled: true
>>>>>>>>       binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
>>>>>>>>       configuration_path: C:\Program Files (x86)\graylog\collector-sidecar\generated\nxlog.conf
>>>>>>>>
>>>>>>>> *This is my nxlog.conf*
>>>>>>>>
>>>>>>>> ## This is a sample configuration file. See the nxlog reference manual about the
>>>>>>>> ## configuration options. It should be installed locally and is also available
>>>>>>>> ## online at http://nxlog.org/docs/
>>>>>>>>
>>>>>>>> ## Please set the ROOT to the folder your nxlog was installed into,
>>>>>>>> ## otherwise it will not start.
>>>>>>>>
>>>>>>>> #define ROOT C:\Program Files\nxlog
>>>>>>>> define ROOT C:\Program Files (x86)\nxlog
>>>>>>>>
>>>>>>>> Moduledir %ROOT%\modules
>>>>>>>> CacheDir %ROOT%\data
>>>>>>>> Pidfile %ROOT%\data\nxlog.pid
>>>>>>>> SpoolDir %ROOT%\data
>>>>>>>> LogFile %ROOT%\data\nxlog.log
>>>>>>>>
>>>>>>>> <Extension _syslog>
>>>>>>>>     Module xm_syslog
>>>>>>>> </Extension>
>>>>>>>>
>>>>>>>> <Input in>
>>>>>>>>     Module im_msvistalog
>>>>>>>>     # For windows 2003 and earlier use the following:
>>>>>>>>     # Module im_mseventlog
>>>>>>>> </Input>
>>>>>>>>
>>>>>>>> <Output out>
>>>>>>>>     Module om_tcp
>>>>>>>>     Host 192.168.1.102
>>>>>>>>     Port 514
>>>>>>>>     Exec to_syslog_snare();
>>>>>>>> </Output>
>>>>>>>>
>>>>>>>> <Route 1>
>>>>>>>>     Path in => out
>>>>>>>> </Route>
>>>>>>>>
>>>>>>>> --
>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>> Groups "Graylog Users" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>> send an email to [email protected].
>>>>>>>> To view this discussion on the web visit
>>>>>>>> https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com.
>>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>
>>>>>>> --
>>>>>>> Developer
>>>>>>>
>>>>>>> Tel.: +49 (0)40 609 452 077
>>>>>>> Fax.: +49 (0)40 609 452 078
>>>>>>>
>>>>>>> TORCH GmbH - A Graylog Company
>>>>>>> Poolstraße 21
>>>>>>> 20335 Hamburg
>>>>>>> Germany
>>>>>>>
>>>>>>> https://www.graylog.com <https://www.torch.sh/>
>>>>>>>
>>>>>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>>>>>> Geschäftsführer: Lennart Koopmann (CEO)
