I have used nxlog before but according to the link below nxlog community edition only works up to 2012. Is there another way to send logs from server 2016 machines or do people just use nxlog anyway???
Nxlog still works fine for me. I will give you a bit of a heads up though, from what I’ve seen personally, a lot of the pipelines people create that you can find on github, people utilize Winlogbeats. I believe it’s a bit easier to rename fields before sending them to Graylog, which will help when you use pipelines that other people have created instead of manually renaming all of them.
Sorry I am not that familiar. But what are pipelines?
On the 2012 server I used, I just set it up on the server, added the input in Graylog and didn’t do much else.
Winlogbeats works with Graylog? Is there any documentation I can look at?
If you are not concerned with Pipelines at the moment, I would just set up Nxlog the same way you deployed on the 2012 server. Or better yet instead of winlogbeats, use graylog sidecar: https://www.graylog.org/blog/73-back-to-basics-connecting-sidecar-and-processing-pipelines
the question here is @martineznet - did you want to transfer windows event log or files from windows to graylog?
You could use winlogbeat for the event logs and filebeat for log files - and if you fear the configuration you can use the collector-sidecar to assist you with that.
I was thinking event logs at first but may be interested in log files now that you mention it.
I have 2016 domain controller… are there any particular log files that would be good for me to send for a domain controller or even just in general for a windows machine?
Also… can winlogbeat and filebeat be used on the same server?
Is filebeat more for the log files of applications that may be installed on a server? and winlogbeat more for generic windows logs from the event logs.
I’m definitely newer to this stuff. Thanks!
hej @martineznet
the filebeat is a log file shipper that takes any (log) file and transport new added content to graylog.
winlogbeat reads the windows event log and transport that to graylog.
you can have as many beats running as you like on the same server - that is not an or decision, more a composing of tools that you need.
Ok, thanks. Is there anything you would use filebeats on for a domain controller?
if some of the used applications is writing into log files and not windows event log i would use filebeat.
that is up to your snowflake setup.
NXlog has been working fine on Windows Server 2016 for me.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.