NXLog -> GrayLog for Windows
Hello,
I am trying to send my custom application Windows logs to GrayLog. I am using GELF TCP. Our event text is getting cut off. It looks like our custom events write all of the data to the section GrayLog calls “short message”. I did see the article that said there is a 64 character limit, and we did change that with Exec $short_message = $raw_message; in the output section. This did increase the number of characters shown, but there are still plenty more characters getting cut off. We have NXLog writing to a local file right now, so we were able to verify that it is NXLog that is cutting off the data. Is there a way to fix this? Here is my conf file:
    Panic Soft
    #NoFreeOnExit TRUE

    define ROOT C:\Program Files\nxlog
    define CERTDIR %ROOT%\cert
    define CONFDIR %ROOT%\conf\nxlog.d
    define LOGDIR %ROOT%\data

    include %CONFDIR%\\*.conf
    define LOGFILE %LOGDIR%\nxlog.log
    LogFile %LOGFILE%

    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data

    <Extension _syslog>
        Module xm_syslog
    </Extension>

    <Extension _charconv>
        Module xm_charconv
        AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
    </Extension>

    <Extension _exec>
        Module xm_exec
    </Extension>

    <Extension _gelf>
        Module xm_gelf
        ShortMessageLength 1024
        UseNullDelimiter false
    </Extension>

    <Extension _fileop>
        Module xm_fileop

        # Check the size of our log file hourly, rotate if larger than 5MB
        <Schedule>
            Every 1 hour
            Exec if (file_exists('%LOGFILE%') and \
                     (file_size('%LOGFILE%') >= 5M)) \
                     file_cycle('%LOGFILE%', 8);
        </Schedule>

        # Rotate our log file every week on Sunday at midnight
        <Schedule>
            When @weekly
            Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
        </Schedule>
    </Extension>

    <Input in>
        Module im_msvistalog
    </Input>

    <Output file>
        Module om_file
        File 'c:/temp/nxlog.txt'
    </Output>

    <Output out>
        Module om_tcp
        Host xxxxxxxxxxxxxxxxx
        Port 5555
        OutPutType GELF_TCP
        Exec $short_message = $raw_message;
    </Output>

    <Route 1>
        Path in => file
    </Route>
This is what the event data shows:
[The description for EventID 0 from source xxxxxxx cannot be found: The parameter is incorrect, ]
There are several more lines after this that are just not coming over. I am very inexperienced with this software. Thank you for your help.
Hello,
I think that NXLog can forward logs to Graylog over TCP with TLS or UDP. In this case, you should use the om_ssl module. Please check the following documentation page:
https://docs.nxlog.co/userguide/integrate/graylog.html
Note that the doc above is for the NXLog EE product and some of the features might not be available in NXLog CE, but it's a good starting point.
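
A TLS variant of the question's output block using om_ssl, as the reply suggests. This is an added example, not configuration from either poster or from the NXLog documentation. The host name, port 12201, the CA file name and the `out_tls`/`tls` block names are assumptions, `%CERTDIR%` is the define from the question's config, and the Graylog side is assumed to be a GELF TCP input with TLS enabled.

```conf
# Added example: GELF over TLS with om_ssl.
# Host, Port and the CA file name are placeholders; replace with your own.

<Extension _gelf>
    Module              xm_gelf
    ShortMessageLength  1024
</Extension>

<Input in>
    Module  im_msvistalog
</Input>

<Output out_tls>
    Module          om_ssl
    Host            graylog.example.com
    Port            12201
    OutputType      GELF_TCP

    # Verify the Graylog server certificate against a CA you trust,
    # and refuse the connection if verification fails.
    CAFile          %CERTDIR%\graylog-ca.pem
    AllowUntrusted  FALSE
</Output>

<Route tls>
    # The question's config routes only to the local file output;
    # this route sends the same input to the TLS output instead.
    Path  in => out_tls
</Route>
```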