GELF TCP and RAW TCP - NXLOG and GRAYLOG

Malcolm · May 10, 2023, 9:08am

Hi,

I’m using graylog 5.0.6 on Debian 11. I want to collect allf of the eventlog from a Windows server.
I installed the nxlog community agent on it.

If I configure my Input on “RAW TCP” I’m collecting a lot of informations. If I change the “RAW TCP” to “GELF TCP”, I’m collecting some information but not much as the RAW configuration. Do you know why ?
If I configure the GELF “UDP”, I’m collecting the same information than with “RAW” but the format is better.

I have to collect informations with TCP/TLS. All is work with RAW but not with GELF.

Why ?
I have to set others stuff inside the nxlog.conf ?

This is an exemple of my nxlog.conf (without TLS) :

Module om_tcp
Host my-graylog
Port 4515
OutputType GELF
Exec to_syslog_snare

Thanks!
Malcolm

Joel_Duffield · May 10, 2023, 9:57am

Have a look at this example NXlog config, and see if matching its settings helps the issue Sample NXLog Windows Collection configuration

Malcolm · May 10, 2023, 12:01pm

YES!
It works, thank you.

Regards,
Malcolm

system · May 24, 2023, 12:02pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
NXLOG failing to send GELF to graylog New to Graylog Community? READ-ME FIRST Guides	4	1018	November 11, 2022
Setup of Graylog and NXLog Graylog Central (peer support) nxlog	14	3789	January 27, 2023
Inputs and configuration Graylog Central (peer support) nxlog	6	883	June 9, 2023
NxLog configured but cannot see any logs on Greylog Graylog Central (peer support) sidecar , nxlog , winlogbeat , nodatanx	4	830	September 23, 2020
Question for the implementation of Graylog Graylog Central (peer support)	1	307	June 7, 2022

GELF TCP and RAW TCP - NXLOG and GRAYLOG

Related topics