NXLog search
Let's talk Start free
Let's talk Start free

Graylog Sidecar integration not working on a Windows 11 system

Tags: NXLog Community Edition
#1 Jon Irish (Last updated )

Currently, I have GrayLog running as a docker image on an unraid server. Everything is working well. I also have a MS Windows lab environment that I want to forward logs into Graylog with the help of nxlog. I followed the instructions at: https://docs.nxlog.co/userguide/integrate/graylog.html and I don't have any errors, but I also don't have any data. Any ideas on how I can troubleshoot this to determine where my issue is?

Permalink
#2 gahorvath Nxlog ✓

Hello Jon,

You have not given much to work with :)

I would go through the following steps:

  1. review nxlog.log to make sure it's not complaining about anything basic
  2. checking if the input modules are picking anything up (you can add an extra file output, and observe data being written there)
  3. checking if the output modules are able to send data (add im_mark to your route, this will send a message at regular intervals)
  4. capture a bit of network traffic to see if there is data flowing towards 
  5. verify there is nothing eating packets:
    1. no firewall is dropping your packets
    2. in case of UDP doublecheck you are sending to the right place - UDP transport can act like a black hole when misconfigured

I could probably provide more specific help if you share your collection configuration and nxlog.log contents.

Gabor
Login to see more