How to send logs from Windows

Graylog Central (peer support)
, ,
1

Hi , I am the rookie of the Graylog2 and I have downloaded the “collector_sidecar_installer_0.1.4-1.exe”

However, when I follow the guide of collector-sidercar, I found I could see files of the log folder by click the name of collector(in web System/Collectors) but ‘Nothing found’ in ‘Show messages’.

Did i misconfiged something?

Here are my config:
1.collector_sidecar.yml:

server_url: http://192.168.1.109:9000/api
update_interval: 10
tls_skip_verify: true
send_status: true
list_log_files: F:\test
node_id: graylog-collector-sidecar
collector_id: file:C:\Program Files\graylog\collector-sidecar\collector-id
cache_path: C:\Program Files\graylog\collector-sidecar\cache
log_path: C:\Program Files\graylog\collector-sidecar\logs
log_rotation_time: 86400
log_max_age: 604800
tags: [windows]
backends:
- name: nxlog
enabled: false
binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
configuration_path: C:\Program Files\graylog\collector-sidecar\generated\nxlog.conf
- name: winlogbeat
enabled: true
binary_path: C:\Program Files\graylog\collector-sidecar\winlogbeat.exe
configuration_path: C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml
- name: filebeat
enabled: true
binary_path: C:\Program Files\graylog\collector-sidecar\filebeat.exe
configuration_path: C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml

  1. Editing Input beats
    Title : beats-input
    Bind address : 0.0.0.0
    port : 5044

So how can I send message from my Windows10 to the graylog server and i could check the log in the web.

Thanks a lot.

2

did you created a configuration and give that configuration the tag nxlog ?

Currently you had only configured the Sidecar that it is able to connect to Graylog to get the configuration. Additional you had configured the Input on Graylog where the Messages should be send to.

Now you need to configure the collector to collect the logs and send them over to Graylog.

3

Thank you i will try. did i need to turn the ‘false’ to ‘true’ in ‘collector_sidecar.yml’-backends-nxlog-enabled.

4

i still have some question about how to configured nxlog

1.what type of OUTPUT NVLOG i should choose . and ip and port is 127.0.0.1 and 12201?

2.what type i should choose in INPUT NXLOG

3.Did i need difine NXLOG Snippets

5

did i need to turn the ‘false’ to ‘true’ in ‘collector_sidecar.yml’-backends-nxlog-enabled.

if you want to use NXLOG - yes.

6

what is the goal - did you like to get the windows event log or did you like to get a specific logfile?

7

I want to get all logfiles in a specific logfile folder

8

In “Configuration tags” i have config as pic below but i still don’t get any message from this collector, did i missed something important

catch
catch.PNG1857×570 44.6 KB
catch2

9

you do not need to configure beats and nxlog - just use one shipper!

10

Oh, thank you, i have accept the message by configure shipper, it look amazing !

11

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.