debugging UDP GELF stream of messages | View post

lecko 7 years ago

Hi,

New to this community . I use nxlog community edition. My collegue sends from the source side (nxlog) hundreds of msgs in UDP GELF format to graylog syslog utility . Half of them are accepted, the other half get rejected with error "short_message" field is empty.

I trieded tcpdump , but nothing visible can be seen. Is there a way that nxlog can berecofigured, so that it will send msgs in more readable format, so I can decide if it is OK that those msgs are rejected. It can be even sent sent to TCP ,

Most important config details in nxlog:

Module xm_gelf ShortMessageLength -1 Module im_file File "C:\DNSLog\DNSDebug.txt" SavePos TRUE InputType LineBased Module om_udp Host x.x.x.x Port yyyy OutputType GELF

Module im_msvistalog

        Exec if not ($Severity == 'ERROR' or $Severity == 'CRITICAL' or $EventID IN (624, 630, 631, 634, 635, 638, 658, 662, 4624, 4625, 4720, 4726, 4727, 4728, 4729, 4730, 4731, 4732, 4733, 4734, 4735, 4737, 4740, 4741, 4742, 4743, 4754, 4755, 4756, 4757, 4758, 4764, 4767)) drop(); 
        Exec if ($EventID == 4769) drop();

Module om_udp Host x.x.x.x Port yyyz OutputType GELF

Thanks in advance.