Port configuration in nxlog.conf file is being appended by "514"
When I start NXlog CE, I get a socket error when tryin gto connect to the remote Graylog server
nxlog.conf...######################################### Global directives #########################################User nxlogGroup nxlog
include /etc/nxlog/nxlog.d/*.confLogFile /var/log/nxlog/nxlog.logLogLevel INFO
######################################### Modules ##########################################<Extension _syslog># Module xm_syslog#</Extension>
<Extension json> Module xm_json</Extension>
<Extension syslog> Module xm_syslog</Extension>
<Input in1> Module im_udp Port 1514 Exec parse_syslog_bsd();</Input>
<Input in2> Module im_tcp Port 1514</Input>
<Input kernel> Module im_kernel Exec parse_syslog_bsd();</Input>
<Input systemd> Module im_systemd</Input>
<Input devlog> Module im_uds UDS /dev/log FlowControl FALSE Exec $raw_event =~ s/\s+$//; Exec parse_syslog_bsd();</Input>
<Output fileout1> Module om_file File "/var/log/nxlog/logmsg.txt" Exec if $Message =~ /error/ $SeverityValue = syslog_severity_value("error"); Exec to_syslog_bsd();</Output>
<Output fileout2> Module om_file File "/var/log/nxlog/logmsg2.txt"</Output>
<Output out> Module om_tcp Host 192.79.220.162:1514 Exec $Message = to_json(); to_syslog_bsd();</Output>
######################################### Routes #########################################<Route 1> Path in1 => fileout1</Route>
<Route tcproute> Path in2 => fileout2</Route>
<Route r> Path kernel, systemd, devlog => out</Route>...nxlog.log...2023-10-27 09:56:23 WARNING nxlog-ce received a termination request signal, exiting...2023-10-27 09:56:24 ERROR Couldn't get systemd cursor;Cannot assign requested address2023-10-27 09:56:24 ERROR Couldn't remove pidfile /run/nxlog/nxlog.pid: Permission denied2023-10-27 09:56:25 INFO configuration OK2023-10-27 09:56:25 INFO nxlog-ce-3.2.2329 started2023-10-27 09:56:25 ERROR couldn't bind socket /dev/log;Address already in use2023-10-27 09:56:25 INFO reconnecting in 1 seconds2023-10-27 09:56:25 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:56:26 INFO reconnecting in 2 seconds2023-10-27 09:56:26 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:56:28 INFO reconnecting in 4 seconds2023-10-27 09:56:28 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:56:32 INFO reconnecting in 8 seconds2023-10-27 09:56:32 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:56:40 INFO reconnecting in 16 seconds2023-10-27 09:56:40 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:56:56 INFO reconnecting in 32 seconds2023-10-27 09:56:56 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known2023-10-27 09:57:28 INFO reconnecting in 64 seconds2023-10-27 09:57:28 ERROR apr_sockaddr_info failed for 192.xxx.xxx.162:1514:514;Name or service not known...
environment description...nxlog-ce is running on Oracle Linux Server version 8.8Package version is -3.2.2329-1.x86_64 ...
relevant details...This is a new installation. The Graylog server is not receiving any logs from this machineThis problem does not involve parsing data.The problems is that the port I identified in the nxlog.conf file "1514" is being appended by "514" so the socket connection fails to the remote server. If I remove 1514 from the nxlog.conf file, the system still tries to connect at port 514 and gets denied errors since Graylog is seutp to listen on 1514...
Hello
As far as I understand, you receive the logs on TCP/1514 port and sent the logs over TCP/1514 port. Am I right?
Also, the following error:
2023-10-27 09:56:25 ERROR couldn't bind socket /dev/log;Address already in useseems to be related to the im_uds module…
You could maybe try a simple config (one input-one output) and check which module exactly produces the problem.
