Check the nxlog file itself. I found when I ran basically this there is a warning on startup that a large number of log files are being ignored due to limits in the Windows API. I didn't dig into whether I cared, as I was still testing and would probably be explicit about which logs I asked for. But see if you are getting a list of not-sent in the nxlog log on the Windows (not Graylog) server.

On Wednesday, August 10, 2016 at 3:20:19 PM UTC-4, Jamie P wrote:
>
> I wanted to make sure if the following config would have nxlog send all
> event logs on a Windows Server (Domain Controller or otherwise) to a
> graylog instance.
>
> ## This is a sample configuration file. See the nxlog reference manual about the
> ## configuration options. It should be installed locally and is also available
> ## online at http://nxlog.org/docs/
>
> ## Please set the ROOT to the folder your nxlog was installed into,
> ## otherwise it will not start.
>
> #define ROOT C:\Program Files\nxlog
> define ROOT C:\Program Files (x86)\nxlog
>
> Moduledir %ROOT%\modules
> CacheDir %ROOT%\data
> Pidfile %ROOT%\data\nxlog.pid
> SpoolDir %ROOT%\data
> LogFile %ROOT%\data\nxlog.log
>
> #<Extension _syslog>
> #    Module xm_syslog
> #</Extension>
>
> <Extension gelf>
>     Module xm_gelf
> </Extension>
>
> <Input in>
>     Module im_msvistalog
>     # For windows 2003 and earlier use the following:
>     # Module im_mseventlog
> </Input>
>
> <Output out>
>     Module om_udp
>     Host 192.168.1.79
>     Port 12201
>     OutputType GELF
>     # Exec to_syslog_snare();
> </Output>
>
> <Route 1>
>     Path in => out
> </Route>
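
The reply above mentions being explicit about which logs are requested. As an added example (not part of the original thread, and not the poster's config), this is the quoted `<Input in>` block restricted to named channels through the `Query` directive of `im_msvistalog`. The channel list is an assumption for a Domain Controller; replace it with the channels that exist on the server and that you need in Graylog.

```conf
## Added example: replaces the <Input in> block of the config quoted above.
## With no Query, im_msvistalog tries to subscribe to every channel it can
## enumerate; naming the channels keeps the subscription small and makes it
## obvious which logs are (and are not) being shipped.
## Assumed channel list for a Domain Controller; adjust per server role.
## Each line of the query must end with a backslash (line continuation),
## so comments cannot be placed inside the Query value itself.

<Input in>
    Module  im_msvistalog
    Query   <QueryList>\
                <Query Id="0">\
                    <Select Path="Application">*</Select>\
                    <Select Path="System">*</Select>\
                    <Select Path="Security">*</Select>\
                    <Select Path="Directory Service">*</Select>\
                    <Select Path="DNS Server">*</Select>\
                </Query>\
            </QueryList>
</Input>

## Output and route are unchanged from the quoted config.
<Output out>
    Module      om_udp
    Host        192.168.1.79
    Port        12201
    OutputType  GELF
</Output>

<Route 1>
    Path    in => out
</Route>
```

After restarting the service, read `%ROOT%\data\nxlog.log` (the `LogFile` set in the quoted config) to confirm the startup warning is gone and that no listed channel was rejected.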
