I am new to the community, so sorry if I make some mistakes and ask some boring questions.
I have a Linux Graylog server and I am trying to add some Windows logs to the Graylog server from multiple Windows servers. I am trying to use Sidecar and NXLog.
The NXLog service is controlled by the Sidecar service, and it’s working; I am receiving all logs from the server.
Now I want to add more servers, but I want to filter some logs; I don’t want to show all Windows logs. So I have created another Sidecar/NXLog configuration (for example, to take only DHCP/DNS-related messages), and that is working too. What is the issue? I want to collect different logs on different servers (on domain controllers: DHCP/DNS logs, NPS logs, etc., and from some other machines I want to receive some other logs).
To be more precise, on port 11101 I want to receive logs from DHCP, on port 11102 I want to receive logs from NPS, and on port 11103 I want to receive only Windows security logs. How can I make, if it is possible, a combination to use server A to send DHCP logs and security logs (ports 11103 and 11101), and server B to send security logs and NPS logs (ports 11103 and 11102)? Or should I use only one port for inputs but make different collector configurations?
Also, I don’t understand the purpose of TAGS. I can’t mix them on one collector (if I have multiple configurations)?