I’ve been following the documentation in order to successfully send my Windows Server logs to Graylog using Nxlog and Sidecar but can’t get my configurations right.
I am running Graylog on Ubuntu 18.04 and here’s where I am stuck/tried:
- Installed and verified that sidecar is running.
- Installed Nxlog on Windows Host and disabled service
- Configured Sidecar with api token and url
- Created a TCP GELF input
Now this is where I am having trouble. I am now supposed to create a configuration under sidecar->create configuration. I followed the instructions and by selecting NXlog on Windows, a configuration automatically pops up. Am I supposed to edit the Host here and add the IP of the Windows machine? Anything else?
What about the .conf file on the Windows machine? What part am I supposed to edit or add? Where can I find a working configuration?
Once the configuration is done on both, do I restart the sidecar service and assign the newly created configuration to the sidecar (sidecar->administration->select Nxlog->configure)?
Please let me know if more information is needed as I tried to be as thorough as possible.