NXLog -> GrayLog for Windows


#1 alarosa

Hello,

I am trying to send my custom application Windows logs to GrayLog. I am using GELF TCP. Our event text is getting cut off. It looks like our custom events write all of the data to the section GrayLog calls “short message”. I did see the article that said there is a 64 character limit, and we did change that with Exec $short_message = $raw_message; in the output section. This did increase the number of characters shown, but there are still plenty more characters getting cut off. We have NXlog writing to a local file right now, so we were able to verify that it is NXlog that is cutting off the data. Is there a way to fix this? Here is my conf file:

Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf\nxlog.d
define LOGDIR   %ROOT%\data

include %CONFDIR%\\*.conf
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension _charconv>
    Module      xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension _exec>
    Module      xm_exec
</Extension>

<Extension _gelf>
    Module      xm_gelf
    ShortMessageLength 1024
    UseNullDelimiter false
</Extension>

<Extension _fileop>
    Module      xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
        Every   1 hour
        Exec    if (file_exists('%LOGFILE%') and \
                   (file_size('%LOGFILE%') >= 5M)) \
                    file_cycle('%LOGFILE%', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        When    @weekly
        Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
</Extension>

<Input in>
    Module      im_msvistalog
</Input>

<Output file>
    Module      om_file
    File        'c:/temp/nxlog.txt'
</Output>

<Output out>
    Module      om_tcp
    Host        xxxxxxxxxxxxxxxxx
    Port        5555
    OutPutType  GELF_TCP
    Exec        $short_message = $raw_message;
</Output>

<Route 1>
    Path        in => file
</Route>

This is what the event data shows:

  [The description for EventID 0 from source xxxxxxx cannot be found:  The parameter is incorrect,   ]   

There are several more lines after this that are just not coming over. I am very inexperienced with this software. Thank you for your help.

 

#2 NenadMDeactivated Nxlog ✓

Hello,

I think that NXLog can forward logs to Graylog over TCP with TLS or UDP. In this case, you should use the om_ssl module. Please check the following documentation page:
https://docs.nxlog.co/userguide/integrate/graylog.html
Note that the doc above is for the NXLog EE product and some of the features might not be available in NXLog CE, but it's a good starting point.