5 responses

I installed NXLOG onto our Windows server. I set up INPUT to send the c:\squid\var\logs\access.log to our Graylog server.

I restarted the NXLOG service.

On the Graylog service, I still keep getting Windows event log instead of the Squid proxy logs.

Has anyone encountered this before?

 

Asked February 5, 2016 - 10:57am

Answer (1)

This is usually caused by the PBCK, else your data ingestion might have fallen behind and you are still seeing data from earlier when your previous conf was in use.  See the troubleshooting tips in the manual.

Comments (4)

  • wilsonchua

    No offense taken. I appreciate your help. It must be something I overlooked. Maybe a new set of eyes can help here:

    (partial)

    <Input ProxyLog>
        Module    im_file
        File    "C:\squid\var\logs\access.log"
        ReadFromLast False
    </Input>

    <Output ossim>
        Module      om_udp
        # not real ip
        Host        x.y.w.z
        Port        8516
        Exec    to_syslog_snare();
    </Output>

    <Route 666>
        Path    ProxyLog => ossim
    </Route>

    Note: even after 3 days, the Graylog data shows:

    US-WMS MSWinEventLog 1 N/A 77310 Sat Feb 06 07:58:47 2016 N/A N/A N/A N/A N/A N/A N/A N/A N/A

    Instead of proxy logs... that look something like this:

    1454716839.392     16 178.74.28.174 TCP_HIT/200 8271 GET http:/<domainname url>/coleen-garcia-gets-hospitalized/ - NONE/- text/html
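
Added example (not part of the thread, and not NXLog or Graylog code): a small Python triage script for the collector side that tells apart the two record shapes quoted above, the Snare-style `MSWinEventLog` line and Squid's native access.log line, and flags Snare records whose event fields are all `N/A`. The function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Snare syslog layout (what xm_syslog's to_syslog_snare() writes); fields are
# tab-separated on the wire but may show up space-separated in a search view.
SNARE = re.compile(
    r"(?P<host>\S+)\s+MSWinEventLog\s+(?P<criticality>\d+)\s+(?P<source>\S+)\s+"
    r"(?P<counter>\d+)\s+(?P<date>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\s+(?P<rest>.*)$")

# Squid native access.log: time elapsed client result/status bytes method URL
# user hierarchy/peer content-type
SQUID = re.compile(
    r"(?P<ts>\d+\.\d{3})\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\w+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<mime>\S+)$")

def classify(line):
    """Return a dict whose 'kind' is squid, snare_event, snare_empty or unknown."""
    line = line.strip()
    m = SQUID.match(line)
    if m:
        rec = m.groupdict()
        rec["kind"] = "squid"
        rec["time"] = datetime.fromtimestamp(float(rec["ts"]), tz=timezone.utc)
        return rec
    m = SNARE.search(line)
    if m:
        rec = m.groupdict()
        rest = rec.pop("rest")
        fields = rest.split("\t") if "\t" in rest else rest.split()
        # Every event field N/A: the Snare wrapper was applied to a record that
        # carried no Windows event fields, so the original log text is not in it.
        empty = rec["source"] == "N/A" and all(f == "N/A" for f in fields)
        rec["kind"] = "snare_empty" if empty else "snare_event"
        return rec
    return {"kind": "unknown"}

def summarize(lines):
    """Count how many lines fall into each kind."""
    return Counter(classify(l)["kind"] for l in lines)

# Constructed sample input: line 1 is the record quoted in the post; lines 2
# and 3 are made up (documentation IP range and example.com).
SAMPLE = [
    "US-WMS MSWinEventLog 1 N/A 77310 Sat Feb 06 07:58:47 2016 N/A N/A N/A N/A N/A N/A N/A N/A N/A",
    "US-WMS\tMSWinEventLog\t1\tSecurity\t77311\tSat Feb 06 07:58:48 2016\t4624\tMicrosoft-Windows-Security-Auditing\tN/A\tN/A\tSuccess Audit\tUS-WMS\tLogon\t\tAn account was successfully logged on.",
    "1454716839.392     16 192.0.2.10 TCP_HIT/200 8271 GET http://www.example.com/news/ - NONE/- text/html",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
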