Nxlog for graylog

Hi, I have recently set up graylog and I’m using nxlog as my collector.
Everything seems to be working fine except nxlog is not sending logs to the graylog server.
I have checked the nxlog logs and this is the error:

2019-04-16 11:51:08 ERROR failed to open C:\Users\s.chimere\Desktop\GRAYLOG; Access is denied

C:\Users\s.chimere\Desktop\GRAYLOG is where I have the test logs that I want to send to the graylog server.

Please can anyone help.

It means the account under which the nxlog service is running cannot access C:\Users\s.chimere\Desktop\GRAYLOG.

Okay, thank you.
So the graylog server and the machine with the sidecar need to be in the same domain, yes?

No, this is something about permissions on the computer with nxlog installed. BTW, the user profile, including the desktop, is not the best place for test files; Windows can create some mess with permissions there. Make a folder under C:\, place the test logs there and see if something changes.


Alright, thanks,
will try and revert.

I think I have this sorted out, but I’m not receiving logs.
I am trying to pull a couple of .txt logs from the computer to the server.
I’m using the beats input and below is my nxlog config:

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO

Module xm_fileop When @daily Exec file_cycle('%ROOT%\data\nxlog.log', 7); Module xm_gelf # Avoid truncation of the short_message field to 64 characters. ShortMessageLength 65536 Module im_msvistalog PollInterval 1 SavePos True ReadFromLast True
    #Channel System
    #<QueryXML>
    #  <QueryList>
    #   <Query Id='1'>
    #    <Select Path='Security'>*[System/Level=4]</Select>
    #    </Query>
    #  </QueryList>
    #</QueryXML>
Module im_file File 'C:\GRAYLOG' Module im_file File "C:\GRAYLOG\log.txt" PollInterval 1 SavePos True ReadFromLast True Recursive False RenameCheck False Exec $FileName = file_name(); # Send file name with each message Module om_udp Host 192.168.3.44 Port 5044 OutputType GELF # These fields are needed for Graylog $gl2_source_collector = '${sidecar.nodeId}'; $collector_node_id = '${sidecar.nodeName}'; Path eventlog => gelf Path file => gelf

Please post the configuration as preformatted text; it’s very hard to read now.

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO

<Extension logrotate>
    Module  xm_fileop
    <Schedule>
        When    @daily
        Exec    file_cycle('%ROOT%\data\nxlog.log', 7);
     </Schedule>
</Extension>


<Extension gelfExt>
  Module xm_gelf
  # Avoid truncation of the short_message field to 64 characters.
  ShortMessageLength 65536
</Extension>

<Input eventlog>
        Module im_msvistalog
        PollInterval 1
        SavePos True
        ReadFromLast True
        
        #Channel System
        #<QueryXML>
        #  <QueryList>
        #   <Query Id='1'>
        #    <Select Path='Security'>*[System/Level=4]</Select>
        #    </Query>
        #  </QueryList>
        #</QueryXML>
</Input>

<Input error.log>
        Module   im_file
        File    'C:\GRAYLOG'
</Input>

<Input file>
	Module im_file
	File  "C:\GRAYLOG\log.txt"
	PollInterval 1
	SavePos	True
	ReadFromLast True
	Recursive False
	RenameCheck False
	Exec $FileName = file_name(); # Send file name with each message
</Input>


<Output gelf>
	Module om_udp
	Host 192.168.3.44
	Port 5044
	OutputType  GELF
	<Exec>
	  # These fields are needed for Graylog
	  $gl2_source_collector = '${sidecar.nodeId}';
	  $collector_node_id = '${sidecar.nodeName}';
	</Exec>
</Output>


<Route route-1>
  Path eventlog => gelf
</Route>
<Route route-2>
  Path file => gelf
</Route>

Sorry about that, hope this is better?

Much better

Do you receive eventlogs from this computer?

Try to use the path without quotes (it is possible, since it contains no white space):

<Input file>
    Module im_file
    File C:\\GRAYLOG\\log.txt
</Input>

I do not receive eventlogs, and I have taken out the quotes and I am still not receiving any logs.
Anything else I can try?

OK, so the problem is in the nxlog output, not the input. Or on the graylog server. Do you receive something from other sources on the graylog server?

The logs I want to send to my graylog server are on this computer.

No, I do not receive anything.
I do not have any other sources set up.
Is my output config okay? I’m not exactly sure of it.

Are you using Sidecar, not simply Nxlog?

I am using graylog sidecar.

If so, all configuration should be in Sidecar, not nxlog.conf. I am not using it, so I can’t help, sorry.

Thanks, can you @ someone here you think can help me?

I am not a very active member of this community and have no personal contacts here.
My suggestion is to read the Sidecar documentation once more and try to configure it. If no luck, ask in a new thread.
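
One way to tell the two cases raised in the thread apart (nxlog not sending versus the server not accepting) is to listen for the datagrams yourself; this is an added example, not part of the thread and not Graylog or NXLog code. It decodes GELF over UDP (gzip, zlib or plain JSON, plus chunked messages), the format an `om_udp` output with `OutputType GELF` emits; port 5044 is taken from the posted config, and the function and class names are hypothetical.

```python
import gzip, json, socket, zlib

CHUNK_MAGIC = b"\x1e\x0f"   # chunk header: magic, 8-byte message id, seq, count
MAX_CHUNKS = 128            # GELF limit on chunks per message

def decode_gelf(payload: bytes) -> dict:
    """Decode one complete GELF payload: gzip, zlib or uncompressed JSON."""
    if payload[:2] == b"\x1f\x8b":        # gzip magic bytes
        payload = gzip.decompress(payload)
    elif payload[:1] == b"\x78":          # zlib header byte
        payload = zlib.decompress(payload)
    msg = json.loads(payload.decode("utf-8"))
    if not isinstance(msg, dict):
        raise ValueError("GELF payload is not a JSON object")
    return msg

class GelfReassembler:
    """Collects chunked GELF datagrams until a message is complete."""
    def __init__(self):
        self.pending = {}                 # message id -> {sequence number: data}

    def feed(self, datagram: bytes):
        """Return the decoded message, or None while chunks are still missing."""
        if datagram[:2] != CHUNK_MAGIC:
            return decode_gelf(datagram)
        if len(datagram) < 12 or not 0 < datagram[11] <= MAX_CHUNKS or datagram[10] >= datagram[11]:
            raise ValueError("invalid chunk header")
        msg_id, seq, count = datagram[2:10], datagram[10], datagram[11]
        parts = self.pending.setdefault(msg_id, {})
        parts[seq] = datagram[12:]
        if any(i not in parts for i in range(count)):
            return None
        del self.pending[msg_id]
        return decode_gelf(b"".join(parts[i] for i in range(count)))

def listen(host="0.0.0.0", port=5044):    # port from the posted <Output gelf> block
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    reassembler = GelfReassembler()
    while True:                           # stop with Ctrl+C
        data, (src, _) = sock.recvfrom(65535)
        try:
            msg = reassembler.feed(data)
            if msg is not None:
                print(src, msg.get("host"), msg.get("short_message"))
        except (ValueError, OSError, EOFError, zlib.error) as exc:
            print("%s: %d bytes, not GELF (%s)" % (src, len(data), exc))

if __name__ == "__main__":
    listen()
```

Run it on a machine that can bind UDP 5044 and point the output's `Host` at that machine. If messages decode here but never appear in Graylog, compare the input type on the server: a Beats input expects the Beats protocol over TCP, not GELF datagrams.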