Are there any corrections that I should make to this config to ensure all Windows Events from a server are being sent to a graylog instance?
On Wednesday, August 10, 2016 at 3:20:19 PM UTC-4, Jamie P wrote:
>
> I wanted to make sure if the following config would have nxlog send all
> event logs on a Windows Server (Domain Controller or otherwise) to a
> graylog instance.
>
> ## This is a sample configuration file. See the nxlog reference manual about the
> ## configuration options. It should be installed locally and is also available
> ## online at http://nxlog.org/docs/
>
> ## Please set the ROOT to the folder your nxlog was installed into,
> ## otherwise it will not start.
>
> #define ROOT C:\Program Files\nxlog
> define ROOT C:\Program Files (x86)\nxlog
>
> Moduledir %ROOT%\modules
> CacheDir %ROOT%\data
> Pidfile %ROOT%\data\nxlog.pid
> SpoolDir %ROOT%\data
> LogFile %ROOT%\data\nxlog.log
>
> #<Extension _syslog>
> #    Module xm_syslog
> #</Extension>
>
> <Extension gelf>
>     Module xm_gelf
> </Extension>
>
> <Input in>
>     Module im_msvistalog
> # For windows 2003 and earlier use the following:
> #   Module im_mseventlog
> </Input>
>
> <Output out>
>     Module om_udp
>     Host 192.168.1.79
>     Port 12201
>     OutputType GELF
> #   Exec to_syslog_snare();
> </Output>
>
> <Route 1>
>     Path in => out
> </Route>
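Added example, not part of the original post and not nxlog or Graylog code: a small Python decoder for the GELF UDP datagrams that the `om_udp` / `OutputType GELF` output above sends, usable on a test receiver to count which Windows channels actually arrive. The `_Channel` field name, the `DC01` host and all function names are assumptions made for this example, and the sample datagrams are constructed.

```python
import gzip
import json
import zlib
from collections import Counter

CHUNK_MAGIC = b"\x1e\x0f"   # GELF chunked-datagram magic bytes

class GelfDecoder:
    """Decode GELF UDP datagrams: plain JSON, zlib, gzip, or chunked."""
    def __init__(self):
        self._pending = {}  # message id -> {sequence number: payload}

    def feed(self, datagram):
        """Return the message dict, or None while chunks are still missing."""
        if datagram[:2] == CHUNK_MAGIC:
            if len(datagram) < 12:
                raise ValueError("truncated GELF chunk header")
            msg_id, seq, count = datagram[2:10], datagram[10], datagram[11]
            if not 0 < count <= 128 or seq >= count:   # GELF allows at most 128 chunks
                raise ValueError("invalid GELF chunk sequence")
            parts = self._pending.setdefault(msg_id, {})
            parts[seq] = datagram[12:]
            if any(i not in parts for i in range(count)):
                return None
            del self._pending[msg_id]
            datagram = b"".join(parts[i] for i in range(count))
        if datagram[:2] == b"\x1f\x8b":        # gzip magic
            datagram = gzip.decompress(datagram)
        elif datagram[:1] == b"\x78":          # zlib header byte
            datagram = zlib.decompress(datagram)
        msg = json.loads(datagram.decode("utf-8"))
        if "host" not in msg or "short_message" not in msg:
            raise ValueError("not GELF: host/short_message missing")
        return msg

def channels_seen(messages, field="_Channel"):
    """Count events per Windows channel; the field name is an assumption."""
    return Counter(m.get(field, "<no channel field>") for m in messages)

def sample_datagrams():
    """Constructed input: one zlib datagram and one two-chunk gzip message."""
    def gelf(chan, text):
        return json.dumps({"version": "1.1", "host": "DC01",
                           "short_message": text, "_Channel": chan}).encode()
    big = gzip.compress(gelf("Security", "constructed logon event"))
    head = CHUNK_MAGIC + b"ABCDEFGH"           # 8-byte message id
    return [zlib.compress(gelf("System", "constructed service event")),
            head + bytes([1, 2]) + big[40:],   # chunks arrive out of order
            head + bytes([0, 2]) + big[:40]]
```

Against live traffic, bind a UDP socket to port 12201 on a test host and pass each received datagram to `feed`; a channel that never shows up in `channels_seen` is not reaching the receiver.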
