Hello, I have a question about Windows 2012 > nxlog-ce > Graylog.
My nxlog-ce version is 2.10.2150.
Question:
I have a question about nxlog-ce to Graylog: the log does not go to Graylog.
So I opened Windows Task Manager to see the nxlog.exe PID and its Internet connections.
1. The nxlog source IP and destination are "IPv4 Loopback".
2. nxlog log:
WARNING The following sources are omitted to avoid exceeding the limit in the generated query: Microsoft-Windows-Workplace Join/Admin Microsoft-Windows-WPD-ClassInstaller/Operational Microsoft-Windows-WPD-CompositeClassDriver/Operational Microsoft-Windows-WPD-MTPClassDriver/Operational Microsoft-WS-Licensing/Admin Setup WitnessClientAdmin
My nxlog.conf:
--------------------------------------------------------------------------------------------------------------------------------------------------------
Panic Soft
#NoFreeOnExit TRUE
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
<Extension _syslog>
Module xm_gelf
</Extension>
<Input in>
Module im_msvistalog
</Input>
<Output out>
Module om_udp
Host
Port 10554
OutputType GELF
</Output>
<Route 1>
Path in => out
</Route>
--------------------------------------------------------------------------------------------------------------------------------------------------------
So what can I do to solve the problem?
Please help me, thanks.
Comments (6)
Hi, is graylog definitely listening to UDP/10554 on your localhost? You could double check by running:
Thanks
Hello Konstantinos,
Thanks for your reply to my problem.
My localhost hostname is RMA7_Test
and
on my localhost > cmd > netstat -ao
TCP 127.0.0.1:1943 RMA7_Test:close-combat ESTABLISHED 3420
TCP 127.0.0.1:1944 RMA7_Test:1943 ESTABLISHED 3420
PID 3420 is the running nxlog.exe.
netstat -bano | find ":10554" > returns nothing
Hi, no problem at all! It seems to me that Graylog is not listening on port 10554/UDP. This information might help: https://nxlog.co/documentation/nxlog-user-guide/graylog.html. Just make sure your Graylog port/protocol matches your nxlog Output config.
Thanks
Konstantinos
Hello Konstantinos,
I confirm my Graylog and Windows setup is correct,
because other Windows machines (one 2008,
three 2012 and one 2019) sending to Graylog are OK.
Their conf is:
-----------------------------------------------------------------------------------------------
Panic Soft
#NoFreeOnExit TRUE
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
<Extension _syslog>
Module xm_gelf
</Extension>
<Input in>
Module im_msvistalog
</Input>
<Output out>
Module om_udp
Host graylog
Port 10554
OutputType GELF
</Output>
<Route 1>
Path in => out
</Route>
Hi lokeliu,
The only difference I see in the two configs is "Host " Vs "Host graylog" in your Output block. If you don't specify a host, then it defaults to localhost (which means that your nxlog agent and graylog are expected to be running on the same machine). Have you left this blank intentionally?
Thanks,
Konstantinos
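As an added example (not part of the thread and not NXLog's own tooling): a small Python check that reads an nxlog.conf, resolves the destination of each om_udp Output block, and flags the ones that stay on loopback, treating a missing or empty Host as localhost per the reply above. The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample: the Output block from the question, Host left without a value.
SAMPLE_CONF = """\
<Input in>
    Module im_msvistalog
</Input>
<Output out>
    Module om_udp
    Host
    Port 10554
    OutputType GELF
</Output>
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
BLOCK_RE = re.compile(r"<Output\s+([^>\s]+)\s*>(.*?)</Output>", re.S | re.I)

def output_destinations(conf_text):
    """Return one dict per om_udp <Output> block with its effective host and port."""
    results = []
    for name, body in BLOCK_RE.findall(conf_text):
        directives = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()      # drop comments
            if line:
                parts = line.split(None, 1)           # directive, optional value
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        if directives.get("module", "").lower() != "om_udp":
            continue
        host = directives.get("host", "")
        effective = host or "localhost"  # assumption taken from the reply above
        results.append({"name": name, "host": effective,
                        "port": directives.get("port", ""),
                        "explicit_host": bool(host),
                        "loopback": effective.lower() in LOOPBACK})
    return results

def findings(conf_text):
    """Warnings for outputs whose events never leave the machine."""
    return [f"Output '{d['name']}': events go to {d['host']}:{d['port']} (loopback)"
            + ("" if d["explicit_host"] else "; Host has no value")
            for d in output_destinations(conf_text) if d["loopback"]]

if __name__ == "__main__":
    for msg in findings(SAMPLE_CONF):
        print(msg)
```

Running a check like this against the deployed file, rather than a redacted copy, shows whether the agent on the collecting host is really pointed at the log server.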
Hello Konstantinos,
I know Host is the Graylog IP.
For security, I did not post it publicly.