I’m having trouble getting nxlog to ship to graylog using the the file input. I’ve done this many times before with linux without issue and even windows tailing IIS logs. In this case I’m trying to ingest files that contain JSON but for some reason. Even though sidecar show all is good and loads the config. Nxlog throws no errors I still can’t get it to work. Have GELF TCP output set in NXLOG and GELF TCP Input in graylog. Should work. Even see current active connections on the graylog input but no data coming in. What am I doing wrong here? Config as follows for NXLOG. (Config built using sidecar)
define ROOT C:\Program Files (x86)\nxlog
<Extension gelf>
Module xm_gelf
</Extension>
<Input 5abd09ed041f630d6ab4ee24>
Module im_file
File 'D:\Scripts\SigninLogger\*.log'
PollInterval 10
SavePos False
ReadFromLast True
Recursive True
RenameCheck False
Exec $FileName = file_name(); # Send file name with each message
</Input>
<Output 5abd0989041f630d6ab4edab>
Module om_tcp
Host 10.3.98.32
Port 8484
OutputType GELF_TCP
Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
Exec $gl2_source_collector = '9ee4ff87-aa25-486d-9980-7a0de8328980';
Exec $collector_node_id = 'name.domain.local';
Exec $Hostname = hostname_fqdn();
</Output>
<Route route-0>
Path 5abd09ed041f630d6ab4ee24 => 5abd0989041f630d6ab4edab
</Route>
Graylog input config
sqlreader GELF TCP 3 RUNNING
bind_address: 0.0.0.0
decompress_size_limit: 8388608
max_message_size: 2097152
override_source: <empty>
port: 8484
recv_buffer_size: 1048576
tcp_keepalive: false
tls_cert_file: <empty>
tls_client_auth: disabled
tls_client_auth_cert_file: <empty>
tls_enable: false
tls_key_file: <empty>
tls_key_password: ********
use_null_delimiter: false