I can send the event log from Server 2012 with the same configuration, but it is not running on Server 2016. The event log does not go to Graylog. Does NXLog not work on Server 2016? If so, what is the appropriate nxlog.conf?


AskedFebruary 25, 2018 - 12:40pm

Comments (7)

  • uptimeexpert's picture

    Hello again,

    NXLog, does not work on Windows Server 2016 stable so the configuration file you run on the 2012 Server may not work 2016 Server: https://nxlog.co/question/3200/eventlog-source-limitation-server-2016

    I have found an alternative solution to this problem. Send the logs as JSON, not as a GELF. The NxLog config file should look like this: nxlog2016server

    Graylog Inputs should be like this:

    a Parse incoming logs through Graylog Extractors. Expression link:http://docs.graylog.org/en/2.4/pages/extractors.html#using-the-json-extractor :)

  • uptimeexpert's picture

    Hi b0ti,

    There is no firewall other than the Windows firewall. (This firewall is also disabled.) Also Graylog server (CentOS 7.4) has iptables/firewalld disabled. The problem is not from the firewall.

    Thank you for your help.

  • tape's picture


    CentOS 7 is shipped with SELINUX by default, maybe this also can cause problem as it can limit access to tcp/udp ports on service side, not just firewall.


  • uptimeexpert's picture

    Hi tape,

    I turn off Selinux at the beginning of the server setup so this is not a possibility either. Thank you for your help. @NXLog, I solved the problem using JSON but I suggest you test it with GELF, it does not seem stable on Windows Server 2016.

  • b0ti's picture

    I suggest you test it with GELF, it does not seem stable on Windows Server 2016.

    We are pretty confident that GELF works. I suggest running wireshark and check whether your UDP packets reach your graylog instance at all before pointing fingers.

Answers (0)