Was testing sidecar configurations for NXlog on Windows server 2016, running Graylog3 on ubuntu. When pushing the config changes the service would fail to start. After some testing it is because of the encoding of the file%PROGRAMFILES%\Graylog\sidecar\generated\nxlog.conf. The encoding of the file when pushed by Graylog is UTF-8-mac which will log an error in the nxlog file "nxlog failed to start: > directive missing closing ‘>’ ". The nxlog.conf needs to be UTF-8-win/dos to interpret the proper escape characters.
My current workaround: edit the nxlog file from the windows machine.
Has anyone else ran into this and have a better work around? I’d rather not be editing the nxlog config from the individual machines since i will be deploying to around 50+ servers. Kind of the whole point of the sidecar.
<Input in>
# For windows vista/2008 and above use:
Module im_msvistalog
Query <QueryList>\
<Query Id="0">\
<Select Path="Application">*</Select>\
<Select Path="System">*</Select>\
<Select Path="Security">*</Select>\
</Query>\
</QueryList>
</Input>
Just removed the backslash character, no characters to interpret = no characters to cause errors. Works for now just looks not the best. Below works when editing from graylog
<Input in>
# For windows vista/2008 and above use:
Module im_msvistalog
Query <QueryList><Query Id="0"><Select Path="Application">*</Select><Select Path="System">*</Select><Select Path="Security">*</Select></Query></QueryList>
</Input>
