Hello everyone, my name is Alex. I have a task to collect logs from machines running Windows 7 and 10. I installed Graylog, but I can’t start collecting logs from the Windows machines. I read the documentation “step by step”, but nothing happened.
I created an input.
After that, I downloaded Graylog Sidecar and NXLog and installed them on the client. I entered the server URL and API token into the Sidecar config.
server_url: https://grl.tk-1.ru/api
server_api_token: "8ibor3a6j41919j57vdapcrm4a9na1fnpdc0jm4nge4oqlmudoq"
And the NXLog config:
Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension _syslog>
    #Module xm_syslog
</Extension>

<Extension _charconv>
    Module xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension _exec>
    Module xm_exec
</Extension>

<Extension _fileop>
    Module xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
        Every 1 hour
        Exec if (file_exists('%LOGFILE%') and \
                (file_size('%LOGFILE%') >= 5M)) \
                 file_cycle('%LOGFILE%', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        When @weekly
        Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
</Extension>

<Extension _gelf>
    Module xm_gelf
</Extension>

<Input win>
    Module im_msvistalog
</Input>

<Output graylog>
    Module om_udp
    Host 10.10.101.100
    Port 5555
    OutputType GELF
</Output>

<Route graylog_route>
    Path win => graylog
</Route>
Then I go to the system sidecar configuration, create a new configuration, and choose “nxlog on windows”.
I cannot understand: should the NXLog configuration on the client and the “nxlog on windows” configuration be the same? Here is the configuration from the server.
There is nothing on the server.
Tell me, what am I doing wrong?
Thx.
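
One way to check whether a client is actually emitting GELF datagrams for an Output block like the one above, as an added example that is not part of the original post: a small Python listener that reassembles chunked GELF and decodes gzip, zlib or plain payloads. It assumes it runs on a test host bound to the same UDP port (5555) the Output block targets, with nothing else listening on that port; the function names are illustrative.

```python
import gzip
import json
import socket
import zlib

CHUNK_MAGIC = b"\x1e\x0f"  # GELF chunk header magic bytes
_pending = {}  # message id -> {sequence number: data}; no expiry, test tool only

def reassemble(datagram):
    """Return a complete GELF payload, or None while chunks are missing."""
    if not datagram.startswith(CHUNK_MAGIC):
        return datagram  # unchunked message
    if len(datagram) < 12:
        raise ValueError("truncated GELF chunk header")
    msg_id, seq, total = datagram[2:10], datagram[10], datagram[11]
    if total == 0 or total > 128 or seq >= total:
        raise ValueError("invalid GELF chunk numbering")
    parts = _pending.setdefault(msg_id, {})
    parts[seq] = datagram[12:]
    if len(parts) < total:
        return None
    del _pending[msg_id]
    return b"".join(parts[i] for i in range(total))

def decode(payload):
    """Decompress (gzip, zlib or plain) and parse one GELF JSON document."""
    if payload[:2] == b"\x1f\x8b":
        payload = gzip.decompress(payload)
    elif payload[:1] == b"\x78":
        payload = zlib.decompress(payload)
    return json.loads(payload.decode("utf-8"))

def listen(host="0.0.0.0", port=5555):
    """Print sender, host and short_message of each GELF message received."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        datagram, peer = sock.recvfrom(65535)
        try:
            payload = reassemble(datagram)
            if payload is not None:
                msg = decode(payload)
                print(peer[0], msg.get("host"), msg.get("short_message"))
        except (ValueError, OSError, EOFError, AttributeError, zlib.error) as exc:
            print(peer[0], "undecodable datagram:", exc)

if __name__ == "__main__":
    listen()
```

If the listener prints events, the client side is sending and the gap is on the receiving input; if it stays silent, the client is not emitting on that port.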