Graylog sidecar with nxlog backend

@tmacgbay Hi, so I think I have been able to get rid of some of the errors, but I'm not receiving any logs on the Graylog server.

My Sidecar logs
time="2019-04-24T15:50:52+01:00" level=info msg="Starting signal distributor"
time="2019-04-24T15:51:02+01:00" level=info msg="Adding process runner for: nxlog"
time="2019-04-24T15:51:02+01:00" level=info msg="[nxlog] Configuration change detected, rewriting configuration file."
time="2019-04-24T15:51:02+01:00" level=info msg="[nxlog] Starting (svc driver)"

Nxlog logs

2019-04-24 15:51:02 INFO nxlog-ce-2.10.2150 started
2019-04-24 15:51:02 ERROR apr_sockaddr_info failed for 192.168.3.44:5044:5044; No such host is known.  
2019-04-24 15:51:03 WARNING Due to a limitation in the Windows EventLog subsystem, a query cannot contain more than 256 sources.
2019-04-24 15:51:03 WARNING The following sources are omitted to avoid exceeding the limit in the generated query:  Microsoft-Windows-SMBServ

That's it.
Sorry for bombarding you with so much info.

Why are there double port numbers after the IP?

192.168.3.44:5044:5044

That was a mistake; I have corrected it, still the same.

You aren’t giving much information to go on. Also - this should be in the public forums.

I just want to point to: Questions and You: A guide to getting an answer
