NXLog reconnecting continuously in Windows Server 2016

#1 ademuynck 4 years ago

Hi teams,

Hope you are doing well. I have some trouble implementing NXLOG on Windows 2016 server.

I have this logs into my nxlog.log file :

2020-03-08 18:46:34 INFO reconnecting in 1 seconds 2020-03-08 18:46:35 INFO connecting to 10.7.x.2:12201 2020-03-08 18:46:35 INFO successfully connected to 10.7.x.2:12201 2020-03-08 18:46:35 INFO reconnecting in 1 seconds 2020-03-08 18:46:36 INFO connecting to 10.7.x.2:12201 2020-03-08 18:46:36 INFO successfully connected to 10.7.x.2:12201 2020-03-08 18:46:36 INFO reconnecting in 1 seconds 2020-03-08 18:46:37 INFO connecting to 10.7.x.2:12201 2020-03-08 18:46:37 INFO successfully connected to 10.7.x.2:12201 2020-03-08 18:46:37 INFO reconnecting in 1 seconds 2020-03-08 18:46:38 INFO connecting to 10.7.x.2:12201 2020-03-08 18:46:38 INFO successfully connected to 10.7.x.2:12201 2020-03-08 18:46:38 INFO reconnecting in 1 seconds 2020-03-08 18:46:39 INFO connecting to 10.7.x.2:12201 2020-03-08 18:46:39 INFO successfully connected to 10.7.x.2:12201 2020-03-08 18:46:39 INFO reconnecting in 1 seconds 2020-03-08 18:46:40 INFO connecting to 10.7.x.2:12201

Under my graylog input, i have following sceen :

Throughput / Metrics 1 minute average rate: 13 msg/s Network IO: 308.0B 0B (total: 1.2MiB 0B ) Active connections: 0 (4,228 total) Empty messages discarded: 0

We can see, NXlog seems to send log to Graylog, but as i am in TCP connection i have to see at least 1 active connection. This is not the case. Can you help me to troubleshoot this issue please ? I have check Windows firewall, and network firewall. There is no filtering between NXLogs & my graylog server for sure.

Many thanks

Permalink

#2 Zhengshi Nxlog ✓ 4 years ago

#1 ademuynck

Hi teams, Hope you are doing well. I have some trouble implementing NXLOG on Windows 2016 server. I have this logs into my nxlog.log file : 2020-03-08 18:46:34 INFO reconnecting in 1 seconds 2020-03-08 18:46:35 INFO connecting to 10.7.x.2:12201 2020-03-08 18:46:35 INFO successfully connected to 10.7.x.2:12201 2020-03-08 18:46:35 INFO reconnecting in 1 seconds 2020-03-08 18:46:36 INFO connecting to 10.7.x.2:12201 2020-03-08 18:46:36 INFO successfully connected to 10.7.x.2:12201 2020-03-08 18:46:36 INFO reconnecting in 1 seconds 2020-03-08 18:46:37 INFO connecting to 10.7.x.2:12201 2020-03-08 18:46:37 INFO successfully connected to 10.7.x.2:12201 2020-03-08 18:46:37 INFO reconnecting in 1 seconds 2020-03-08 18:46:38 INFO connecting to 10.7.x.2:12201 2020-03-08 18:46:38 INFO successfully connected to 10.7.x.2:12201 2020-03-08 18:46:38 INFO reconnecting in 1 seconds 2020-03-08 18:46:39 INFO connecting to 10.7.x.2:12201 2020-03-08 18:46:39 INFO successfully connected to 10.7.x.2:12201 2020-03-08 18:46:39 INFO reconnecting in 1 seconds 2020-03-08 18:46:40 INFO connecting to 10.7.x.2:12201 Under my graylog input, i have following sceen : Throughput / Metrics 1 minute average rate: 13 msg/s Network IO: 308.0B 0B (total: 1.2MiB 0B ) Active connections: 0 (4,228 total) Empty messages discarded: 0 We can see, NXlog seems to send log to Graylog, but as i am in TCP connection i have to see at least 1 active connection. This is not the case. Can you help me to troubleshoot this issue please ? I have check Windows firewall, and network firewall. There is no filtering between NXLogs & my graylog server for sure. Many thanks

NXLog should try to create a socket connection and keep it open as long as possible. Generally the remote end will close the connection (what it looks like here).
Make sure to use the most recent version of NXLog.

For events, you can add a secondary output to a text file to ensure that you are getting events and using wireshark or tcpdump to show events are leaving. Tcpdump/wireshark can also show what is happening on the network as far as connections are concerned.