Client on Windows and Linux

Hi,
I configured a test system with Windows and Linux. On Windows I tried to configure NXLog (GELF) and got an error when testing a broken connection:

ERROR couldn’t connect to udp socket on 10.162.9.180:12500; A socket operation was attempted to an unreachable network.

In this situation only restarting the NXLog service helps.
I tried to reconfigure NXLog for syslog. After that I didn't have logs in Graylog.

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension json>
    Module xm_json
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

<Input internal>
    Module im_internal
    Exec $Message = to_json();
</Input>

<Extension _syslog>
    Module xm_gelf
</Extension>

<Processor buffer>
    Module pm_buffer
    MaxSize 102400
    Type disk
</Processor>

<Input eventlog>
    Module im_msvistalog
    SavePos TRUE
    Query    <QueryList>\
                <Query Id="0">\
                    <Select Path="Application">*[System[(Level=1  or Level=2 or Level=3)]]</Select>\
                    <Select Path="Security">*[System[(Level=1  or Level=2 or Level=3)]]</Select>\
                    <Select Path="System">*[System[(Level=1  or Level=2 or Level=3)]]</Select>\
                    <Select Path="HardwareEvents">*[System[(Level=1  or Level=2 or Level=3)]]</Select>\
                </Query>\
            </QueryList>
    Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
</Input>

<Output out>
    Module om_tcp
    Host 10.162.9.180
    Port 12500
</Output>

<Route 1>
    Path eventlog => buffer => out
</Route>

Please post the complete configuration of the input you’ve created in Graylog.

You could also use Filebeat to ship Windows Event Logs to Graylog (with a Beats input) if you can’t make NXLOG work for you.

Are clients and Graylog server in the same network?
