Linux RedHat - NXLog

AndreasD · January 3, 2018, 9:20am

Hey Guys,

Please take a look on my nxlog.conf on my Linux Redhat VM.

########################################
# Global directives                    #
########################################
User nxlog
Group nxlog

LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

########################################
# Modules                              #
########################################
<Extension gelf>
    Module      xm_gelf
</Extension>

<Input in>
        Module  im_file
        File    "/var/log/messages"
</Input>

<Output out>
    Module      om_tcp
    Host        172.20.42.15
    Port        12201
    OutputType  GELF_TCP
</Output>

########################################
# Routes                               #
########################################
<Route 1>
    Path        in => out
</Route>

I am trying to push log messages to my logserver via GELF_TCP. In my Input nothing is shown…
Thanks for you help.

jochen · January 3, 2018, 10:15am

Is the user “nxlog” or the group “nxlog” allowed to read from /var/log/messages?
Is there a GELF TCP input running in Graylog?
Is 172.20.42.15 the correct IP address and is 12201 the correct port of said GELF TCP input?

And last but not least, why use NXLOG and not the system’s syslog daemon to forward messages to Graylog?

AndreasD · January 3, 2018, 1:26pm

Hello Jochen,

thanks for your reply.
Can I also use my own user?
Yes I do also habe a TCP_GELF Input!
IP and Port also correct!

Can the syslog deamon send messages to var/log/messages and to my graylog server? Or is it either or?

Thanks

jochen · January 3, 2018, 1:39pm

You can do whatever you want on your systems.

You let the syslog daemon write log messages to both destinations.

AndreasD · January 16, 2018, 12:44pm

I have another Question.
I tried to install the rpm packed but It always tells me missing dependencies:

How can I finish my installation? What can I do?

jochen · January 16, 2018, 1:13pm

You have to install the missing package(s) or use a statically linked version of NXLOG.

AndreasD · January 16, 2018, 1:15pm

Where can I find the right ones, their are so many different!? Sorry but I am new to Linux and to Graylog.

jochen · January 16, 2018, 1:52pm

How exactly have you tried installing NXLOG on your system?

Also take a look at the Collector Sidecar, which helps you setting up and configuring various third party log shippers (such as NXLOG or Filebeat).
http://docs.graylog.org/en/2.4/pages/collector_sidecar.html

AndreasD · January 18, 2018, 4:06pm

Hello Jochen,

thanks for your help, now the NXLog is up and running. It is sending log messages to my graylog server!

I was asking myself how i can read a hole line of my “message.log” with nxlog to my graylog server! Where can I configure all the parameters and how do the grok pattern work with all that topic?!

I don´t see the connections between nxlog parsing and the graylog recieving message.

Thanks

system · February 1, 2018, 4:07pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Nxlog file input Graylog Central (peer support) sidecar , nxlog , nodatanx	2	2485	April 12, 2018
NXLOG failing to send GELF to graylog New to Graylog Community? READ-ME FIRST Guides	4	906	November 11, 2022
Setup of Graylog and NXLog Graylog Central (peer support) nxlog	14	2655	January 27, 2023
Multiple log format adding Graylog Central (peer support)	4	374	April 23, 2018
GELF TCP and RAW TCP - NXLOG and GRAYLOG Graylog Central (peer support) nxlog , gelf	3	592	May 24, 2023

Linux RedHat - NXLog

Related Topics