After a bit of trial and lots of reading, I managed to get Graylog working like a charm.

I'm using NXLOG to send the logs to Graylog via GELF UDP. Using the appliance gives me limited space and I will run out of space eventually. Right now I'm just testing and trying different things. 4 servers sending the logs have consumed over 5gb of data over the last week, and I have well over 100, not to mention the CISCO/Juniper devices I have.

That said, this is my current config and it works like a charm:

__________________________________________________________

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension gelf>
    Module xm_gelf
</Extension>

<Input in>
    # Use 'im_mseventlog' for Windows XP, 2000 and 2003
    Module im_msvistalog
    # Uncomment the following to collect specific event logs only
    Query <QueryList>\
            <Query Id="0">\
                <Select Path="System">*</Select>\
                <Select Path="Application">*</Select>\
                <Select Path="Security">*</Select>\
            </Query>\
          </QueryList>
</Input>

<Output out>
    Module om_udp
    Host 10.60.10.62
    Port 12201
    OutputType GELF
</Output>

<Route r>
    Path in => out
</Route>

_______________________________________________________

Now I put a REM statement at the beginning of the file:

# Just capturing security logs

The service won't start. If I rem out the Application and System paths, it won't start. Any suggestions?
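As an added example (not the poster's config or NXLog's own), here is a Security-only input that also filters at the agent to cut the GELF volume the post worries about; the Graylog host/port, the event ID set and the machine-account drop rule are assumptions to adjust.

```apacheconf
# Added example, not the poster's config: collect only the Security channel
# and drop high-volume events before they reach Graylog. Host, port, event
# IDs and the drop rule are assumptions.
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension gelf>
    Module xm_gelf
</Extension>

<Input in_security>
    Module im_msvistalog
    # The Query value is ONE logical line: every line except the last ends in
    # a backslash. A '#' placed inside this continued block becomes part of
    # the XML value rather than a comment, so keep comments outside it.
    # Select only the Security channel, limited to logon/account events
    # (assumed set; extend as needed).
    Query <QueryList>\
            <Query Id="0">\
                <Select Path="Security">\
                    *[System[(EventID=4624 or EventID=4625 or EventID=4648 or EventID=4672 or EventID=4720 or EventID=4728 or EventID=4732)]]\
                </Select>\
            </Query>\
          </QueryList>
    # Drop successful logons by machine accounts (names ending in '$'),
    # which dominate 4624 volume on domain-joined hosts.
    Exec if ($EventID == 4624 and $TargetUserName =~ /\$$/) drop();
</Input>

<Output out_gelf>
    Module om_udp
    Host 10.60.10.62
    Port 12201
    OutputType GELF
</Output>

<Route r>
    Path in_security => out_gelf
</Route>
```

Before restarting the service, a config error is visible on the console with `nxlog -f` (foreground) or in `%ROOT%\data\nxlog.log`, which is quicker than watching the service fail to start.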
