Collecting Windows Logs with nxlog doesn't work properly

I just tried to collect some Windows logs from a Windows Server 2019. My Graylog server is located on an Ubuntu 22.04 machine. I did the same procedure as the YouTube video suggested: https://www.youtube.com/watch?v=a3LbQow7i4Q

After I edited the conf file and restarted the nxlog service, there are still no logs being collected via Graylog. There also doesn't seem to be an error, because the input is running with no data collected.

Is there someone who has had this issue already or maybe who can help? It's my first time using it.

Did you look at your error log?

I am guessing you are getting indexing errors.

For better context:
Do you have this set up in a corporate environment, i.e. at work, or at home?

An input can run even if there aren't any logs received.

I would not use this tutorial. NXLog is a b**** to manage. Maybe look into using a Beat.

Standard questions:
Are

  • IP connections set correctly?
  • Ports open/unblocked on your source?
  • Do you have other log sources that you can compare against, i.e. Linux servers/machines or other devices/services?

I just get warnings about not having the Elasticsearch security features enabled; idk if that has anything to do with the issue.

I have a corporate setup and this is our first and only logging system. I also checked the blocked ports and IP connections already.

I had a similar issue on a corporate network. It turned out that no audit policy was set in the GPO (machines were not logging events), so NXLog had nothing to send…
Also, I would suggest trying different UDP ports. What worked for me were 15440, 14440 and 5555.
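The checks raised across this thread (error log, audit policy, port reachability) as one diagnostic script to run on the Windows host, added here as an example and not part of the thread or of NXLog. It assumes the Graylog input is a GELF input, that NXLog CE writes its log to the default `data\nxlog.log` location, and that `$GraylogHost`/`$GraylogPort` are replaced with your own input address (placeholders below).

```powershell
# Added diagnostic script (not from the thread). Assumed: GELF input on Graylog,
# default NXLog CE log path, placeholder host/port replaced with your own values.
param(
    [string]$GraylogHost = "graylog.example.internal",   # placeholder
    [int]$GraylogPort    = 12201,                        # GELF UDP default; the thread used 15440, 14440, 5555
    [string]$Protocol    = "udp"                         # "udp" or "tcp", matching the Graylog input
)

# 1. Is the nxlog service actually running after the restart?
$svc = Get-Service -Name nxlog -ErrorAction SilentlyContinue
if (-not $svc) { Write-Warning "nxlog service not found" } else { "nxlog service: $($svc.Status)" }

# 2. Check NXLog's own log for errors (first reply: look at the error log).
$logPaths = @("C:\Program Files\nxlog\data\nxlog.log", "C:\Program Files (x86)\nxlog\data\nxlog.log")
$log = $logPaths | Where-Object { Test-Path $_ } | Select-Object -First 1
if ($log) {
    "--- last ERROR/WARNING lines from $log ---"
    Get-Content $log -Tail 200 | Select-String -Pattern 'ERROR|WARNING'
} else { Write-Warning "nxlog.log not found in the default locations" }

# 3. Is the audit policy producing Security events at all? (last reply: GPO had no audit policy)
"--- audit subcategories set to 'No Auditing' (these generate nothing for NXLog to send) ---"
auditpol /get /category:* | Select-String -Pattern 'No Auditing'
$recent = Get-WinEvent -FilterHashtable @{LogName='Security'; StartTime=(Get-Date).AddHours(-1)} -ErrorAction SilentlyContinue
"Security events in the last hour: $(@($recent).Count)"

# 4. Can this host reach the Graylog input port? TCP can be tested; UDP can only be sent.
if ($Protocol -eq "tcp") {
    Test-NetConnection -ComputerName $GraylogHost -Port $GraylogPort |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
} else {
    # Send one minimal GELF message. If the input's message counter in Graylog rises,
    # network and input are fine and the problem is on the NXLog/audit side.
    $gelf  = '{"version":"1.1","host":"' + $env:COMPUTERNAME + '","short_message":"nxlog connectivity probe"}'
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($gelf)
    $udp   = New-Object System.Net.Sockets.UdpClient
    $sent  = $udp.Send($bytes, $bytes.Length, $GraylogHost, $GraylogPort)
    $udp.Close()
    "Sent $sent bytes of GELF over UDP to ${GraylogHost}:${GraylogPort}; now check the input's throughput in Graylog"
}
```

Run it in an elevated PowerShell session, since `auditpol` and reading the Security log require administrator rights.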
