I use NXlog (controlled by sidecar collector) to forward Windows logs.
But I can’t send directly these logs to Graylog, I need to relay them through a linux Rsyslog v8.
At first I had a rsyslog issue because it uses LF as delimiter and not \0 as NXlog GELF output.
I resolved this issue with "AddtlFrameDelimiter=“0” in rsyslog configuration.
Then I need to forward these logs from rsyslog to the GELF TCP input.
I use the following rsyslog template:
template(name=“foobar” type=“string” string="%syslogtag%%msg%%msg:::drop-last-lf%\0")
But it does not work, the GELF TCP input displays no message received.
And I don’t see any error in server.log.
Does someone manage NXlog to rsyslog to GELF TCP input ?