I can send the event log from Server 2012 with the same configuration, but it is not running on Server 2016.
The event log does not go to Graylog. Does NXLog not work on Server 2016?
If so, what is the appropriate nxlog.conf?
NXLog does not work stably on Windows Server 2016, so the configuration file you run on the 2012 server may not work on the 2016 server:
https://nxlog.co/question/3200/eventlog-source-limitation-server-2016
I have found an alternative solution to this problem.
Send the logs as JSON, not as GELF.
The NxLog config file should look like this:
Graylog Inputs should be like this:
Parse incoming logs through Graylog Extractors.
Expression link: http://docs.graylog.org/en/2.4/pages/extractors.html#using-the-json-extractor :)
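As an added example (not the configuration file the answer above refers to, which is not reproduced on this page), the following nxlog.conf implements the JSON approach just described: im_msvistalog reads the Windows event log, xm_json turns each record into one JSON object with to_json(), and om_tcp delivers it to Graylog as one line per event. The Graylog hostname, the port, the channel selection and the module names after the Module directives are assumptions for illustration; adjust them to your environment.

```nxlog
# Added example, not the thread author's config.
# Hostname, port and channel list below are placeholders.

<Extension _json>
    Module      xm_json
</Extension>

<Input eventlog>
    Module      im_msvistalog
    # Assumption: limit collection to the three classic channels.
    # Drop the QueryXML block to collect every channel NXLog can see.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Application">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Security">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output graylog_json>
    Module      om_tcp
    # Placeholder: the Graylog host and the port of its Raw/Plaintext TCP input.
    Host        graylog.example.internal
    Port        5555
    # Serialize all fields NXLog parsed from the event into $raw_event as JSON.
    # om_tcp's default line-based output appends a newline after each record,
    # so Graylog receives one JSON object per line.
    Exec        to_json();
</Output>

<Route eventlog_to_graylog>
    Path        eventlog => graylog_json
</Route>
```

On the Graylog side this pairs with a "Raw/Plaintext TCP" input listening on the chosen port, with the JSON extractor from the link above attached to it so the fields (EventID, Channel, Hostname and so on) become searchable. Using TCP rather than UDP also gives you a quick delivery check that b0ti's Wireshark suggestion below covers for UDP: if the port is unreachable, nxlog.log on the Windows host records the failed connection instead of the datagrams silently disappearing, and `tcpdump -i any tcp port 5555` on the Graylog host shows whether the connection arrives at all.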
Comments (7)
If it can send JSON then obviously it works on 2016. Perhaps you had problems getting GELF over UDP to Graylog (i.e. a firewall issue)?
Hi b0ti,
There is no firewall other than the Windows firewall (and this firewall is also disabled). Also, the Graylog server (CentOS 7.4) has iptables/firewalld disabled. The problem is not from the firewall.
Thank you for your help.
Hi,
CentOS 7 ships with SELinux by default; maybe this can also cause the problem, as it can limit access to TCP/UDP ports on the service side, not just the firewall.
Peter
Hi tape,
I turned off SELinux at the beginning of the server setup, so this is not a possibility either. Thank you for your help. @NXLog, I solved the problem using JSON, but I suggest you test it with GELF; it does not seem stable on Windows Server 2016.
We are pretty confident that GELF works. I suggest running Wireshark and checking whether your UDP packets reach your Graylog instance at all before pointing fingers.