Thanks Marius - I've double checked the input port (and that it's running!), but even if it were a mismatch I'd expect tcpdump to show the packets hitting the interface. I suspect that this has to be down to the generated config, so I'm pasting the contents of one of the servers' configs below - I'm afraid that I'm not really sure how I would troubleshoot that, so I'm happy to be told that I've done something stupid!
define ROOT C:\Program Files (x86)\nxlog

<Extension gelf>
  Module xm_gelf
</Extension>

<Input 577e5a4bc745f2099c054dd5>
  Module im_msvistalog
  PollInterval 10
  SavePos True
  ReadFromLast True
</Input>

<Output 577e6c75c745f2099c0561b3>
  Module om_udp
  Host 192.168.21.12
  Port 5414
  OutputType GELF
  Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
  Exec $gl2_source_collector = '28a3c8c7-bc02-44e0-98a5-e93e52b057e5';
  Exec $Hostname = hostname_fqdn();
</Output>

<Route route-0>
  Path 577e5a4bc745f2099c054dd5 => 577e6c75c745f2099c0561b3
</Route>

On Thursday, 7 July 2016 18:41:36 UTC+1, Marius Sturm wrote:
> Hi,
> you could check if the Gelf port on the Graylog side is exactly the same as on the Nxlog sender side, usually 12201. Go to System->Inputs (the input should have a green badge 'running') verify the port number with the one you configured for nxlog in the collector configuration.
> Another thing, Windows is not sending logs all the time so maybe you just need to create an event that is triggering a log e.g. opening the control panel?
>
> If that doesn't help please post the generated nxlog configuration, maybe there is something obvious.
>
> On 7 July 2016 at 18:11, Kev Johnson <[email protected]> wrote:
>> Firstly: I love the idea of being able to push out updated configuration files to my collectors. That said: I'm having issues getting logs to my Graylog box (deployed from the OVA)
>>
>> Steps taken so far are as follows
>>
>> - Installed NXlogCE
>> - Uninstalled the NXlog service
>> - Installed the Graylog Collector Sidecar
>> - Edited the sidecar_collector.yml file to point to my Graylog server, and remove the reference to IIS
>> - Installed the Graylog Collector Sidecar service
>> - Started the Graylog Collector Sidecar service
>> - Created a configuration (Windows Logs, ship to the UDP GELF Input defined on my Graylog box)
>> - Created a tag called Windows and applied it to this configuration
>>
>> I see the nxlog.conf get created on the Windows server, I see nxlog.exe start up on server, but nothing is sent. TCPDump on the Graylog server shows only the TCP connections in on port 12900 from the Windows server.
>>
>> Any advice on troubleshooting this would be much appreciated!
>
> --
> Developer
>
> Tel.: +49 (0)40 609 452 077
> Fax.: +49 (0)40 609 452 078
>
> TORCH GmbH - A Graylog Company
> Poolstraße 21
> 20335 Hamburg
> Germany
>
> https://www.graylog.com <https://www.torch.sh/>
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
> Geschäftsführer: Lennart Koopmann (CEO)

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/0a3e44a6-5f60-4614-8b1c-e260c33edaec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
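
One way to rule the generated configuration in or out before looking at the network, as an added example that is not part of the thread and not Graylog or NXLog tooling: it parses the nxlog.conf posted above (Exec lines omitted) and reports routes that reference undefined blocks, om_udp outputs whose port differs from the port of the Graylog input, and GELF output without xm_gelf loaded. The function names and the `expected_port` parameter are hypothetical.

```python
import re
# nxlog.conf from the message above (Exec lines omitted), embedded to run offline.
SAMPLE_CONF = r"""
define ROOT C:\Program Files (x86)\nxlog
<Extension gelf>
  Module xm_gelf
</Extension>
<Input 577e5a4bc745f2099c054dd5>
  Module im_msvistalog
</Input>
<Output 577e6c75c745f2099c0561b3>
  Module om_udp
  Host 192.168.21.12
  Port 5414
  OutputType GELF
</Output>
<Route route-0>
  Path 577e5a4bc745f2099c054dd5 => 577e6c75c745f2099c0561b3
</Route>
"""
BLOCK = re.compile(r"<(Extension|Input|Output|Route)\s+(\S+)>(.*?)</\1>", re.S)

def parse_blocks(conf):
    """Return {(kind, name): {directive: value}}; Exec statements are skipped."""
    blocks = {}
    for kind, name, body in BLOCK.findall(conf):
        lines = (l.split("#", 1)[0].strip() for l in body.splitlines())
        pairs = (l.partition(" ") for l in lines if l and not l.startswith("Exec"))
        blocks[(kind, name)] = {k: v.strip() for k, _, v in pairs}
    return blocks

def audit(conf, expected_port):
    """Return findings that would keep events from reaching the GELF UDP input."""
    blocks, findings = parse_blocks(conf), []
    modules = {d.get("Module") for d in blocks.values()}
    for (kind, name), d in blocks.items():
        if kind == "Route":  # Path is "in1, in2 => out1, out2"
            src, _, dst = d.get("Path", "").partition("=>")
            for want, names in (("Input", src), ("Output", dst)):
                for n in filter(None, (x.strip() for x in names.split(","))):
                    if (want, n) not in blocks:
                        findings.append(f"{name}: {want} '{n}' is not defined")
        elif kind == "Output" and d.get("Module") == "om_udp":
            if d.get("Port") != str(expected_port):
                findings.append(f"{name}: sends to {d.get('Host')}:{d.get('Port')}/udp, "
                                f"listener expected on {expected_port}")
            if d.get("OutputType", "").startswith("GELF") and "xm_gelf" not in modules:
                findings.append(f"{name}: OutputType GELF without xm_gelf loaded")
    return findings
```

Call `audit(conf_text, expected_port=<port shown under System->Inputs>)`; an empty list means the route, destination port and GELF extension are consistent, so the next place to look is the sender host and the path between the two machines.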
