Did you start the TCP GELF input in the Graylog UI? Did you open port 12201 in the security group for the EC2 VM?

On 24 May 2016 at 16:07, rvb n <[email protected]> wrote:
> Now nxlog is only one instance is running. no log received in GL.
>
> On Tuesday, 24 May 2016 19:20:45 UTC+5:30, Marius Sturm wrote:
>>
>> NXlog is telling you already what the problem is: ERROR Service is already running
>> There is another nxlog instance running, stop that process before starting a new one.
>>
>> On 24 May 2016 at 15:41, rvb n <[email protected]> wrote:
>>
>>> Marius ,
>>>
>>> I changed config as you said in nxlog and i stopped sidecar and i started nxlog
>>>
>>> 2016-05-24 18:57:09 INFO nxlog-ce-2.9.1504 started
>>> 2016-05-24 18:57:09 INFO connecting to 52.207.254.128:12201
>>> 2016-05-24 18:57:15 ERROR Service is already running
>>> 2016-05-24 18:57:20 ERROR Service is already running
>>>
>>> still i have not received any log. can you please ask some question like cross check so that can correct my mistake. pls sorry again
>>>
>>> On Tuesday, 24 May 2016 18:47:18 UTC+5:30, Marius Sturm wrote:
>>>>
>>>> With Graylog it's easier to use Gelf instead of syslog. Replace the syslog extension block with:
>>>>
>>>> <Extension gelf>
>>>>     Module xm_gelf
>>>> </Extension>
>>>>
>>>> and replace the output block with:
>>>>
>>>> <Output out>
>>>>     Module om_tcp
>>>>     Host 52.207.254.128
>>>>     Port 12201
>>>>     OutputType GELF_TCP
>>>> </Output>
>>>>
>>>> On 24 May 2016 at 15:09, rvb n <[email protected]> wrote:
>>>>
>>>>> This is my nxlog config
>>>>>
>>>>> ## This is a sample configuration file. See the nxlog reference manual about the
>>>>> ## configuration options. It should be installed locally and is also available
>>>>> ## online at http://nxlog.org/docs/
>>>>>
>>>>> ## Please set the ROOT to the folder your nxlog was installed into,
>>>>> ## otherwise it will not start.
>>>>>
>>>>> #define ROOT C:\Program Files\nxlog
>>>>> define ROOT C:\Program Files (x86)\nxlog
>>>>>
>>>>> Moduledir %ROOT%\modules
>>>>> CacheDir %ROOT%\data
>>>>> Pidfile %ROOT%\data\nxlog.pid
>>>>> SpoolDir %ROOT%\data
>>>>> LogFile %ROOT%\data\nxlog.log
>>>>>
>>>>> <Extension _syslog>
>>>>>     Module xm_syslog
>>>>> </Extension>
>>>>>
>>>>> <Input in>
>>>>>     Module im_msvistalog
>>>>>     # For windows 2003 and earlier use the following:
>>>>>     # Module im_mseventlog
>>>>> </Input>
>>>>>
>>>>> <Output out>
>>>>>     Module om_tcp
>>>>>     Host 52.207.254.128
>>>>>     Port 12201
>>>>>     # Exec to_syslog_snare();
>>>>> </Output>
>>>>>
>>>>> <Route 1>
>>>>>     Path in => out
>>>>> </Route>
>>>>>
>>>>> On Tuesday, 24 May 2016 18:23:16 UTC+5:30, Marius Sturm wrote:
>>>>>>
>>>>>> In this scenario I would start with nxlog only. You don't need necessarily the sidecar for a first experiment. Just start nxlog with a proper configuration and see if you receive events in Graylog.
>>>>>>
>>>>>> On 24 May 2016 at 14:42, rvb n <[email protected]> wrote:
>>>>>>
>>>>>>> Hi
>>>>>>>
>>>>>>> I know am disturbing you , but i have no option sorry, i am very new to graylog so pls help me. as you said i have changed config in nxlog after that am getting this error.
>>>>>>>
>>>>>>> 016-05-24 18:07:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>>>> 2016-05-24 18:07:20 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>>>> 2016-05-24 18:07:36 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>>>> 2016-05-24 18:08:08 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>>>> 2016-05-24 18:09:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>>>>>
>>>>>>> On Tuesday, 24 May 2016 17:43:15 UTC+5:30, Marius Sturm wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>> you have to start an input on the Graylog AMI by going to System -> Inputs. You can take a Gelf-TCP input for example. And then configure nxlog to send to the AMI IP like:
>>>>>>>>
>>>>>>>> <Output out>
>>>>>>>>     Module om_tcp
>>>>>>>>     Host 52.207.254.128
>>>>>>>>     Port 12201
>>>>>>>>     OutputType GELF_TCP
>>>>>>>> </Output>
>>>>>>>>
>>>>>>>> Make sure that the port 12201 is open from your local machine by setting the security group right in EC2.
>>>>>>>>
>>>>>>>> On 24 May 2016 at 13:39, rvb n <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> *This is my collector -sidecar config*
>>>>>>>>>
>>>>>>>>> server_url: http://52.207.254.128:12900
>>>>>>>>> node_id: graylog-collector-sidecar
>>>>>>>>> collector_id: file:C:\Program Files (x86)\graylog\collector-sidecar\collector-id
>>>>>>>>> tags: windows
>>>>>>>>> log_path: C:\Program Files (x86)\graylog\collector-sidecar
>>>>>>>>> update_interval: 10
>>>>>>>>> backends:
>>>>>>>>>   - name: nxlog
>>>>>>>>>     enabled: true
>>>>>>>>>     binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
>>>>>>>>>     configuration_path: C:\Program Files (x86)\graylog\collector-sidecar\generated\nxlog.conf
>>>>>>>>>
>>>>>>>>> *This is my nxlog.conf*
>>>>>>>>>
>>>>>>>>> ## This is a sample configuration file. See the nxlog reference manual about the
>>>>>>>>> ## configuration options. It should be installed locally and is also available
>>>>>>>>> ## online at http://nxlog.org/docs/
>>>>>>>>>
>>>>>>>>> ## Please set the ROOT to the folder your nxlog was installed into,
>>>>>>>>> ## otherwise it will not start.
>>>>>>>>>
>>>>>>>>> #define ROOT C:\Program Files\nxlog
>>>>>>>>> define ROOT C:\Program Files (x86)\nxlog
>>>>>>>>>
>>>>>>>>> Moduledir %ROOT%\modules
>>>>>>>>> CacheDir %ROOT%\data
>>>>>>>>> Pidfile %ROOT%\data\nxlog.pid
>>>>>>>>> SpoolDir %ROOT%\data
>>>>>>>>> LogFile %ROOT%\data\nxlog.log
>>>>>>>>>
>>>>>>>>> <Extension _syslog>
>>>>>>>>>     Module xm_syslog
>>>>>>>>> </Extension>
>>>>>>>>>
>>>>>>>>> <Input in>
>>>>>>>>>     Module im_msvistalog
>>>>>>>>>     # For windows 2003 and earlier use the following:
>>>>>>>>>     # Module im_mseventlog
>>>>>>>>> </Input>
>>>>>>>>>
>>>>>>>>> <Output out>
>>>>>>>>>     Module om_tcp
>>>>>>>>>     Host 192.168.1.102
>>>>>>>>>     Port 514
>>>>>>>>>     Exec to_syslog_snare();
>>>>>>>>> </Output>
>>>>>>>>>
>>>>>>>>> <Route 1>
>>>>>>>>>     Path in => out
>>>>>>>>> </Route>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> You received this message because you are subscribed to the Google Groups "Graylog Users" group.
>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>>>>>>>> To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com <https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Developer
>>>>>>>>
>>>>>>>> Tel.: +49 (0)40 609 452 077
>>>>>>>> Fax.: +49 (0)40 609 452 078
>>>>>>>>
>>>>>>>> TORCH GmbH - A Graylog Company
>>>>>>>> Poolstraße 21
>>>>>>>> 20335 Hamburg
>>>>>>>> Germany
>>>>>>>>
>>>>>>>> https://www.graylog.com <https://www.torch.sh/>
>>>>>>>>
>>>>>>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>>>>>>> Managing Director: Lennart Koopmann (CEO)
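
The two checks asked about at the top of this message (is a GELF TCP input listening, is port 12201 reachable) can be tested from the sending host without nxlog. The following is an added example, not part of the original thread: it sends one GELF 1.1 test message over TCP, terminated by the null byte that GELF TCP uses as a frame delimiter, and reports how the connection attempt ended. The function names, the probe message text and the `HINTS` wording are made up for this example.

```python
import json
import socket
import time


def build_gelf_frame(host, short_message, **extra):
    """Return one GELF 1.1 message framed for a GELF TCP input (JSON + NUL byte)."""
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": round(time.time(), 3), "level": 6}
    # GELF requires additional fields to carry a leading underscore.
    msg.update({"_" + k.lstrip("_"): v for k, v in extra.items()})
    return json.dumps(msg).encode("utf-8") + b"\x00"


def probe_gelf_tcp(server, port=12201, timeout=5.0):
    """Send one test message and classify how the TCP connection attempt ended."""
    frame = build_gelf_frame(socket.gethostname(), "gelf tcp probe", source="probe")
    try:
        with socket.create_connection((server, port), timeout=timeout) as sock:
            sock.sendall(frame)
        return "sent"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error: %s" % exc


# Usual reading of each outcome (an assumption; other network devices can differ).
HINTS = {
    "sent": "a listener accepted the data; search Graylog for 'gelf tcp probe'",
    "refused": "host reachable, nothing listening: is the GELF TCP input started?",
    "timeout": "packets dropped on the way: check the EC2 security group and firewalls",
}

if __name__ == "__main__":
    import sys
    # Pass the Graylog server address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = probe_gelf_tcp(target)
    print(result, "-", HINTS.get(result, "see error text"))
```

A result of "sent" only proves that something accepted the TCP connection; the message still has to show up in a Graylog search to confirm that the listener is the GELF TCP input.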
