Hi, you could check if the Gelf port on the Graylog side is exactly the same as on the Nxlog sender side, usually 12201. Go to System->Inputs (the input should have a green badge 'running') verify the port number with the one you configured for nxlog in the collector configuration. Another thing, Windows is not sending logs all the time so maybe you just need to create an event that is triggering a log e.g. opening the control panel?
If that doesn't help please post the generated nxlog configuration, maybe there is something obvious. On 7 July 2016 at 18:11, Kev Johnson <k...@drunkmonkey.co.uk> wrote: > Firstly: I love the idea of being able to push out updated configuration > files to my collectors. That said: I'm having issues getting logs to my > Graylog box (deployed from the OVA) > > Steps taken so far are as follows > > > - Installed NXlogCE > - Uninstalled the NXlog service > - Installed the Graylog Collector Sidecar > - Edited the sidecar_collector.yml file to point to my Graylog server, > and remove the reference to IIS > - Installed the Graylog Collector Sidecar service > - Started the Graylog Collector Sidecar service > - Created a configuration (Windows Logs, ship to the UDP GELF Input > defined on my Graylog box) > - Created a tag called Windows and applied it to this configuration > > > I see the nxlog.conf get created on the Windows server, I see nxlog.exe > start up on server, but nothing is sent. TCPDump on the Graylog server > shows only the TCP connections in on port 12900 from the Windows server. > > Any advice on troubleshooting this would be much appreciated! > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to graylog2+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/526b544e-bf0b-4383-9819-61ae5f3ebfcd%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/526b544e-bf0b-4383-9819-61ae5f3ebfcd%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Developer Tel.: +49 (0)40 609 452 077 Fax.: +49 (0)40 609 452 078 TORCH GmbH - A Graylog Company Poolstraße 21 20335 Hamburg Germany https://www.graylog.com <https://www.torch.sh/> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 Geschäftsführer: Lennart Koopmann (CEO) -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAMqbBbK1e1oArQZ2L710LhHZAsdt4kT6qE0UUNozdUBu48ijug%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
