Nxlog CE only loging data for local host

Post a different question
1
response

HI,
I am using nxlog CE on Wi2016 and have configured it to log data to windows event files.
I am sending dummy syslog using kiwi syslog generator with random host from subnet.
I can also see data from random hosts in a syslog watcher. but its not logged in files.
why its not saving data for syslog traffic please?

here is my config.
--

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension gelf>
Module xm_gelf
</Extension>
<Extension json>
Module xm_json
</Extension>
<Extension syslog>
Module xm_syslog
</Extension>

<Input in1>
Module im_tcp
Host 10.43.9.220
Port 514
</Input>
<Input in2>
Module im_udp
Host 0.0.0.0
Port 514
</Input>
<Input in>
Module im_msvistalog
Exec $Message = to_json();
</Input>
<Output out>
Module om_file
CreateDir TRUE
File 'C:\nxlog\Syslog' + "_" + strftime(now(),"%Y-%m-%d") + ".log"
OutputType LineBased
</Output>

<Route R1>
Path in1 , in2 , in => out
</Route>

--------

Any help is appreciated.

AskedSeptember 13, 2019 - 1:12pm

Answer (1)

Do you see a connection accepted message in nxlog.log for im_tcp ? If not, then you should troubleshoot your network, e.g. doing a packet capture to see what's going in with the network data.

See the Troubleshooting section in the user guide.

AnsweredSeptember 13, 2019 - 3:56pm