Windows eventlog to Graylog and Splunk

lokeliu

Hello

windows ---> nxlog-------->graylog&splunk(syslog)

How can I do this?
Is this conf right?

P.S. Graylog is 192.168.1.20, Splunk is 192.168.1.21

------------------------------------My conf------------------------------------------------------------------
Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

# Each extension instance needs its own unique name
<Extension _gelf>
    Module xm_gelf
</Extension>

<Extension _syslog>
    Module xm_syslog
</Extension>

# Read the Windows Event Log
<Input in>
    Module im_msvistalog
</Input>

# Graylog: GELF over UDP
<Output out>
    Module om_udp
    Host 192.168.1.20
    Port 10554
    OutputType GELF
</Output>

# Splunk: Snare-format syslog over UDP
<Output out1>
    Module om_udp
    Host 192.168.1.21
    Port 10554
    Exec to_syslog_snare();
</Output>

<Route 1>
    Path in => out
</Route>

<Route 2>
    Path in => out1
</Route>