nxLog , Messages not showing

hello to everyone
i m trying to forward logs from my windows 7 host to the graylog server ( ubuntu 16.06)
thins is the config of nxlog :

## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
 
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
 
define ROOT C:\Program Files\nxlog
#define ROOT C:\Program Files (x86)\nxlog
 
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
 
<Extension gelf>
    Module      xm_gelf
</Extension>
 
<Input in>
   Module      im_msvistalog
    ReadFromLast FALSE
    SavePos     FALSE
    Query       <QueryList>\
                    <Query Id="0">\
                        <Select Path="Application">*</Select>\
                        <Select Path="System">*</Select>\
                        <Select Path="Security">*</Select>\
                    </Query>\
                </QueryList>
</Input>
 
<Output out>
    Module      om_udp
    Host        192.168.111.132
    Port        12201
    OutputType  GELF
</Output>
 
<Route 1>
    Path        in => out
</Route>

and in the graylog host using wireshark i see the packet comming :

and this is my imput configuration :

well if everything is correct i m supposed to get my logs but :

i work with rsyslog with my ubuntu machine and it’s working perfectly

and the port is listening :

Thank u everyone for your help

Does it show in the inputs page that the input receives bytes?

Are there error messages in the Graylog server log?

thank you for your answer !

but nothing is showing

What’s in the logs of your Graylog node?
http://docs.graylog.org/en/2.4/pages/configuration/file_location.html

hey Johcen thank you for your reply he it is

>     2018-03-08T09:34:43.695Z INFO  [InputStateListener] Input [GELF UDP/5a9fc3f68cdcb6055d18c358] is now STOPPING
>     2018-03-08T09:34:43.707Z INFO  [InputStateListener] Input [GELF UDP/5a9fc3f68cdcb6055d18c358] is now STOPPED
>     2018-03-08T09:34:43.709Z INFO  [InputStateListener] Input [GELF UDP/5a9fc3f68cdcb6055d18c358] is now TERMINATED
>     2018-03-08T09:36:29.197Z INFO  [InputStateListener] Input [GELF UDP/5a9fc3f68cdcb6055d18c358] is now STARTING
>     2018-03-08T09:36:29.340Z WARN  [NettyTransport] receiveBufferSize (SO_RCVBUF) for input GELFUDPInput{title=nxlog windows udp, type=org.graylog2.inputs.gelf.udp.GELFUDPInput, nodeId=ffd6a6a0-cc15-4067-995f-c2b6c4eaf676} should be 262144 but is 212992.
>     2018-03-08T09:36:29.347Z INFO  [InputStateListener] Input [GELF UDP/5a9fc3f68cdcb6055d18c358] is now RUNNING
>     2018-03-08T09:38:44.691Z WARN  [Messages] Failed to index message: index=<graylog_0> id=<7de72c80-22b4-11e8-98ef-000c290eb38e> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [EventType], expected [true] or [false]"}}>
>     2018-03-08T09:38:44.691Z ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.

There is an erreur can you help to solve please :S

Try rotating the active write index (System/Indices/Index Set/Maintenance).

i ll try now
but i just change the node to global and the ereur i’m having in the log messsages when i recive any log from the client host 192.168.111.133 is :

2018-03-08T10:25:18.734Z WARN  [Messages] Failed to index message: index=<graylog_0> id=<ffab54c0-22ba-11e8-98ef-000c290eb38e> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [EventType], expected [true] or [false]"}}>
2018-03-08T10:25:18.734Z ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-03-08T10:25:20.612Z WARN  [Messages] Failed to index message: index=<graylog_0> id=<00d99b90-22bb-11e8-98ef-000c290eb38e> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [EventType], expected [true] or [false]"}}>
2018-03-08T10:25:20.612Z ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.

any idea please ?

and excuse me i can’t " maintenance " sorry

Make sure that your Elasticsearch index templates and mappings work with the version of Elasticsearch you’re using.
http://docs.graylog.org/en/2.4/pages/configuration/elasticsearch.html#custom-index-mappings

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.