NxLog configured but cannot see any logs on Greylog

Graylog Central (peer support)
, , ,
1

Greetings community

Am trying to config NXlog to send windows events to greylog server. But I cannot see any events sent on greylog server.
I can see the logs are being set to the greylog server via the firewall. So there isn’t anything blocking as such.
Config for greylog server

Module xm_gelf # Use 'im_mseventlog' for Windows XP, 2000 and 2003 Module im_msvistalog # Uncomment the following to collect specific event logs only Query \ \ *\ *\ *\ \ Module om_udp Host 10.x.x.x Port 12201 OutputType GELF Path eventlog => udp

greylog config

image
image1160×1416 87.8 KB

image
image563×511 75.8 KB

– things I’ve done
Index. System-Indicies- Default Index- Rotate Active Index.

I couldn’t see anything particular related to GELF on the greylog server logs?

2

hi, Jbix34

Which version of the Graylog do you use?
Have you checked the Nxlog log ?
C:\Program Files (x86)\nxlog\data

# sudo tcpdump -i lo host  <IP Client > and udp port 12201
AND 
test open port 
 #  sudo netstat -peanut | grep :12201

Why not use Winlogbeat ?
https://www.elastic.co/guide/en/beats/winlogbeat/current/_winlogbeat_overview.html

3

Also input type should be GELF (perhaps you already have, screenshot doesn’t show this)

4

Thanks you guys for your prompt responses. It turns out I haven’t allow port 12201 via the AWS security rule for the EC2 instance. I can now see the windows logs successfully.

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.