I'm not an employee of Graylog. This falls into the realm of nxlog and not Graylog. You will have to post on nxlog's forums for an answer. While I'm not the best at this, your Route looks interesting to me: you have listed <Route r> and I used <Route 1> (as do a lot of other configs I have seen, as well as mine). Still, you'll want to ask nxlog on their forums and they can tell you what you need to do. Good luck.

On Monday, November 21, 2016 at 12:05:25 PM UTC-5, Ed Berlot wrote:
>
> After a bit of trial and lots of reading, I managed to get Graylog
> working like a charm.
>
> I'm using NXLOG to send the logs to Graylog via GELF UDP.
>
> Using the appliance gives me limited space and I will run out of space
> eventually.
> Right now I'm just testing and trying different things.
>
> 4 servers sending the logs have consumed over 5 GB of data over the last week,
> and I have well over 100, not to mention the CISCO/Juniper devices I have.
> That said, this is my current config and it works like a charm.
>
> __________________________________________________________
> define ROOT C:\Program Files (x86)\nxlog
> Moduledir %ROOT%\modules
> CacheDir %ROOT%\data
> Pidfile %ROOT%\data\nxlog.pid
> SpoolDir %ROOT%\data
> LogFile %ROOT%\data\nxlog.log
> <Extension gelf>
>     Module xm_gelf
> </Extension>
> <Input in>
>     # Use 'im_mseventlog' for Windows XP, 2000 and 2003
>     Module im_msvistalog
>     # Uncomment the following to collect specific event logs only
>     Query <QueryList>\
>               <Query Id="0">\
>                   <Select Path="System">*</Select>\
>                   <Select Path="Application">*</Select>\
>                   <Select Path="Security">*</Select>\
>               </Query>\
>           </QueryList>
> </Input>
> <Output out>
>     Module om_udp
>     Host 10.60.10.62
>     Port 12201
>     OutputType GELF
> </Output>
> <Route r>
>     Path in => out
> </Route>
> _______________________________________________________
>
> Now I put a REM statement at the beginning of the file
>
> # Just capturing security logs
>
> The service won't start.
> If I rem out Application and System path, it won't start.
>
> Any suggestions?
