After a bit of trial and lots of reading, I managed to get Graylog2 working like a charm.
I'm using NXLOG to send the logs to Graylog via GELF UDP.
Right now I'm just testing and trying different things.
Right now I'm testing with just 4 servers (have close to 100), and it has consumed a fair bit of space.
So to evaluate usage, I figured I'd just send the security logs (these are all Windows Servers).
Original working configuration:
define ROOT C:\Program Files (x86)\nxlog
# Use ’im_mseventlog’ for Windows XP, 2000 and 2003
# Uncomment the following to collect specific event logs only
Path in => out
Now I put a REM statement at the beginning of the file:
# Just capturing security logs
The service won't start.
If I rem out Application and System path, it won't start.