Getting started with Graylog

(AndreasD) #1

Hello Guys,

I am a newbie to Graylog and want to get started asap. I installed the Graylog OVA on a VM. I can access Graylog via my browser.
Now I want to send LogData to the server.

I have some applications that write LogFiles and I want to see this Data in my browser.

I have two applications that write LogFiles on a Linux server and about 3 that write LogFiles on a Windows 2012 Server.

What is the best way to start? What do I have to configure so that I can see all the LogMessages?

If you need any more information, just ask.

Best regards.


(Jochen) #2

You have to ship these log messages to Graylog, for example by using a log shipper such as Filebeat, Winlogbeat, or NXLOG.

If you don’t want to configure these log shippers manually, you can use the Graylog Collector Sidecar:

Also make sure to read

(AndreasD) #3

Hello Jochen,

thx for your help. I will try the Graylog Collector Sidecar.
At the moment I have another Problem.

When I try to access the web interface, this error occurs.

Graylog is restarting...

There is no Graylog web application running at the moment, please reload this page in a minute. It can take 
up to 1-2 minutes until all services are running properly. In case this is a permanent error, check the 

Check if all services are running - sudo graylog-ctl status shows an overview of all running services
Check for errors in log files - Relevant services write log files here: /var/log/graylog/*/current
Ask for help - If there is no way to fix the issue ask for help:

I checked all services and the first output I receive is:

**sudo: unable to resolve host graylog**
run: elasticsearch: (pid 26821) 3s; run: log: (pid 792) 506931s
run: etcd: (pid 14909) 13828s; run: log: (pid 800) 506931s
run: graylog-server: (pid 819) 506931s, got TERM; run: log: (pid 793) 506931s
run: mongodb: (pid 14919) 13827s; run: log: (pid 801) 506931s
run: nginx: (pid 14923) 13827s; run: log: (pid 799) 506931s

Is there a way to reset the OVA to “default settings”?

(Jochen) #4

You can use the following command for cleaning all custom configuration and data from the OVA:

# sudo graylog-ctl cleanse

See for details.

Also make sure to check the logs of the Graylog node for possible error and warning messages before cleaning:

(AndreasD) #5

Hello Jochen,

thanks for your tips.

Can you help me with the nxlog config? I am trying to send Log-Messages from
/PATH/name.log to my graylog Server. I am talking about an application log, so there is no standard structure.

I have already taken care of the firewall rules; that should work without any problems.

At the moment my nxlog.conf looks like this:

## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    #Module      xm_syslog
    Module      xm_gelf
</Extension>

<Input in>
    Module      im_msvistalog
# For windows 2003 and earlier use the following:
#   Module      im_mseventlog
</Input>

<Output out>
    Module      om_udp
    Port        514
    #Exec        to_syslog_snare();
    OutputType  GELF
</Output>

<Route 1>
    Path        in => out
</Route>

The Path to my log looks like this: 

Thanks :slight_smile:

(Jan Doberstein) #6

Please read the NXLOG documentation on how to take your input file. In addition, you could just search the forum for how others solved that.
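
For the setup asked about in post #5 (an unstructured application log file on Windows shipped to Graylog as GELF), here is an added example; it is not from the thread participants or from the NXLog or Graylog projects. The file path, the Graylog address `192.0.2.10`, the `$SourceName` value, the block names and the assumption that a GELF UDP input is listening on port 12201 in Graylog are all placeholders to adapt.

```conf
## Added example: tail one application log file and ship it as GELF over UDP.
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# xm_gelf provides the GELF output format used by OutputType below.
<Extension gelf>
    Module      xm_gelf
</Extension>

# im_file reads a plain text file line by line; im_msvistalog (used in the
# config above) reads the Windows Event Log instead and never touches files.
<Input applog>
    Module      im_file
    # Assumed path; backslashes are doubled inside double quotes.
    File        "C:\\logs\\app\\name.log"
    # Remember the read position across restarts, so no duplicates or gaps.
    SavePos     TRUE
    # On first start, only ship lines written from now on.
    ReadFromLast TRUE
    # The log has no fixed structure, so send each raw line as the message
    # and tag it so it can be searched and routed to a stream in Graylog.
    Exec        $Message = $raw_event; $SourceName = 'name-app';
</Input>

<Output graylog>
    Module      om_udp
    # Assumed Graylog address (documentation range) and GELF UDP input port.
    Host        192.0.2.10
    Port        12201
    OutputType  GELF
</Output>

<Route applog_to_graylog>
    Path        applog => graylog
</Route>
```

The port has to match a GELF UDP input started in Graylog; port 514 is conventionally syslog, and a syslog input will not parse GELF datagrams. UDP gives no delivery feedback, so check `%ROOT%\data\nxlog.log` on the sender and the input's message counters in Graylog to confirm that messages arrive.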
