Need help, how to client connect to graylog
Define the base configuration for NXLog
Moduledir “C:\Program Files (x86)\nxlog\modules”
CacheDir “C:\Program Files (x86)\nxlog\data”
LogFile “C:\Program Files (x86)\nxlog\data\nxlog.log”
Hello @invokozen
The below example is assuming Graylog Sidecar is being used. Look at the output section and alter host to your Graylog instance IP address and port to the port number the input your are sending to is listening on.
define ROOT C:\Program Files\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO
<Extension logrotate>
Module xm_fileop
<Schedule>
When @daily
Exec file_cycle('%ROOT%\data\nxlog.log', 7);
</Schedule>
</Extension>
<Extension gelfExt>
Module xm_gelf
# Avoid truncation of the short_message field to 64 characters.
ShortMessageLength 65536
</Extension>
<Input eventlog>
Module im_msvistalog
PollInterval 1
SavePos True
ReadFromLast True
#Channel System
<QueryXML>
<QueryList>
<Query Id='1'>
<Select Path='Security'>*</Select>
<Select Path="Application">*</Select>
<Select Path="System">*</Select>
</Query>
</QueryList>
</QueryXML>
</Input>
<Input file>
Module im_file
File 'C:\Windows\MyLogDir\\*.log'
PollInterval 1
SavePos True
ReadFromLast True
Recursive False
RenameCheck False
Exec $FileName = file_name(); # Send file name with each message
</Input>
<Output gelf>
Module om_tcp
Host 10.10.1.10
Port 5045
OutputType GELF_TCP
<Exec>
# These fields are needed for Graylog
$gl2_source_collector = '${sidecar.nodeId}';
$collector_node_id = '${sidecar.nodeName}';
</Exec>
</Output>
<Route route-1>
Path eventlog => gelf
</Route>
<Route route-2>
Path file => gelf
</Route>
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.