Multiple NXLog inputs and Outputs

Graylog Central (peer support)
, ,
1

Hey,

I am currently having trouble finding a way to input multiple inputs. So I am currently forwarding my DNS log with the following:

> define ROOT C:\Program Files (x86)\nxlog
> 
> Moduledir %ROOT%\modules
> CacheDir %ROOT%\data
> Pidfile %ROOT%\data\nxlog.pid
> SpoolDir %ROOT%\data
> LogFile %ROOT%\data\nxlog.log
> 
> <Extension gelf>
>     Module xm_gelf
>     ShortMessageLength -1
> </Extension>
> 
> <Input dns>
>     Module  im_file
>     File  "C:\DNS\dns.log"
>     SavePos TRUE
>     InputType LineBased
> </Input>
> 
> <Output out> 
>     Module      om_udp
>     Host        192.168.0.168
>     Port        5414
>     OutputType  GELF
> </Output>
> 
> <Route 2>
>     Path        dns => out
> </Route>

That works 100% and I am happy with the results. The issue comes with trying to send the DNS log and sending Windows Event logs as well. I tried the following but it always comes back with errors.

Both DNS and Winlogs

> define ROOT C:\Program Files (x86)\nxlog
> 
> Moduledir %ROOT%\modules
> CacheDir %ROOT%\data
> Pidfile %ROOT%\data\nxlog.pid
> SpoolDir %ROOT%\data
> LogFile %ROOT%\data\nxlog.log
> 
> <Extension gelf>
>     Module xm_gelf
>     ShortMessageLength -1
> </Extension>
> 
> <Input in1>
>     Module      im_msvistalog
> # For windows 2003 and earlier use the following:
> #   Module      im_mseventlog
> </Input>
> 
> <Input dns2>
>     Module  im_file
>     File  "C:\DNS\dns.log"
>     SavePos TRUE
>     InputType LineBased
> </Input>
> 
> <Output out2> 
>     Module      om_udp
>     Host        192.168.0.168
>     Port        5414
>     OutputType  GELF
> </Output>
> 
> <Output out1>
>     Module      om_tcp
>     Host        192.168.0.168
>     Port        12201
>     OutputType	GELF_TCP
> </Output>
> 
> <Route 1>
>     Path        in => out
> </Route>
> 
> <Route 2>
>     Path        dns => out
> </Route>

Error:
2018-05-03 10:46:31 ERROR module ‘in’ is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:42
2018-05-03 10:46:31 ERROR module ‘out’ is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:42
2018-05-03 10:46:31 ERROR route 2 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:42
2018-05-03 10:46:31 ERROR module ‘dns’ is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:46
2018-05-03 10:46:31 ERROR module ‘out’ is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:46
2018-05-03 10:46:31 ERROR route 1 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:46
2018-05-03 10:46:31 WARNING no routes defined!
2018-05-03 10:46:31 WARNING not starting unused module in2
2018-05-03 10:46:31 WARNING not starting unused module dns1
2018-05-03 10:46:31 WARNING not starting unused module out1
2018-05-03 10:46:31 WARNING not starting unused module out2
2018-05-03 10:46:31 INFO nxlog-ce-2.9.1716 started

Just looking for a way to maybe input it correctly or find a way to use multiple NXLog config files

2

You’re referencing the wrong input and output names, e. g. “out” instead of “out1” or “out2”.

1 Like
3

Ah I see. Thank you. It is working now 100%

4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.