Parsing custom logs on Windows Servers in a directory


We have a bespoke application that runs exclusively on Windows Servers that writes errors and messages to text files saved in a directory - c:\customapplogs

Is it possible to parse these custom text files into Graylog please so they are viewable from a web console and configure alerting via email to relevant devs?

Thanks in advance

Hi ftl,

This is what we do with NXLog, preferably in GELF format, as we got stuck on sending plain text. On the Graylog side you configure a GELF TCP port (or UDP if you require that).

Your nxlog config could look like this:

Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf
define LOGDIR   %ROOT%\data

define LOGFILE  %LOGDIR%\nxlog.log

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\
SpoolDir  %ROOT%\data

<Extension gelf>
    Module xm_gelf
    ShortMessageLength 65536
</Extension>

<Extension multiline>
    Module       xm_multiline
    # This makes it possible to have multiline events in one message, triggering on the
    # timestamp in your logfile as the first line; adjust this to your needs.
    HeaderLine   /^[0-9]{4}-[0-9]{2}-[0-9]{2}.[0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{3}(.*)/
    Exec         $raw_event = $1;
</Extension>

<Input application_log>
    Module      im_file
    InputType   multiline
    File        "R:\logs\yourlogfile.log"
</Input>

<Output tcp>
    Module      om_tcp
    Host        <ip graylog server>
    Port        <the port you want on graylog>
    OutputType  GELF_TCP
</Output>

<Route messages_to_tcp>
    Path application_log => tcp
</Route>

Kind greetings,
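
Added example, not part of the original post: a small Python check that runs the HeaderLine pattern from the config above over a sample of your log, so you can see how lines will be grouped into events before deploying NXLog, and what a null-delimited GELF TCP message for each event looks like. The sample lines, the host name winsrv01 and the function names are constructed for illustration; the JSON layout is a minimal GELF 1.1 message, not NXLog's exact output.

```python
import json
import re

# Same pattern as the HeaderLine directive in the NXLog config above.
HEADER = re.compile(
    r"^[0-9]{4}-[0-9]{2}-[0-9]{2}.[0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{3}(.*)")

# Constructed sample of an application log (not from the original post).
# The last line uses "T" between date and time; the "." in the pattern accepts it.
SAMPLE = """\
2024-03-01 10:15:02.123 ERROR Order import failed
System.IO.IOException: file is locked
   at App.Import.Run()
2024-03-01 10:15:03.456 INFO Retry scheduled
2024-03-01T10:15:09.001 WARN Queue depth 512
"""

def group_events(lines, header=HEADER):
    """Group lines into events; a line matching the header starts a new event."""
    events, current, orphans = [], [], []
    for line in lines:
        line = line.rstrip("\r\n")
        if header.match(line):
            if current:
                events.append("\n".join(current))
            current = [line]
        elif current:
            current.append(line)      # continuation, e.g. a stack trace line
        elif line:
            orphans.append(line)      # content seen before any header line
    if current:
        events.append("\n".join(current))
    return events, orphans

def to_gelf_tcp(event, host):
    """Build one GELF 1.1 message framed for a GELF TCP input (null byte delimiter)."""
    doc = {"version": "1.1", "host": host,
           "short_message": event.split("\n", 1)[0],
           "full_message": event}
    return json.dumps(doc).encode("utf-8") + b"\0"

if __name__ == "__main__":
    events, orphans = group_events(SAMPLE.splitlines())
    for event in events:
        print(to_gelf_tcp(event, "winsrv01"))   # winsrv01 is a made-up host name
    print("lines before first header:", orphans)
```

If lines show up as orphans or a stack trace is split across several events, the pattern does not match your timestamp format and needs adjusting.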



Thank you for the detailed reply, Arie.

Will look into this

