nxlog ce not to log server | Log collection solutions

#1 lokeliu 3 years ago

hello i have i question about windows 2012 > nxlog ce > graylog my nxlog-ce ver is 2.10.2150

question : my nxlog-ce to graylog have question but the log is not go to graylog so im open windows taskmgr to see nxlog.exe PID and Internet connection

nxlog source ip and Destination is "ipv4 Loopback " 2.nxlog log : WARNING The following sources are omitted to avoid exceeding the limit in the generated query: Microsoft-Windows-Workplace Join/Admin Microsoft-Windows-WPD-ClassInstaller/Operational Microsoft-Windows-WPD-CompositeClassDriver/Operational Microsoft-Windows-WPD-MTPClassDriver/Operational Microsoft-WS-Licensing/Admin Setup WitnessClientAdmin

my nxlog.conf

Panic Soft #NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE%

Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data

<Extension _syslog> Module xm_gelf </Extension>

Module im_msvistalog

</Input>

<Output out> Module om_udp Host Port 10554 OutputType GELF </Output>

so how can i do to Solve the problem

please help me thx~~

Permalink

#2 konstantinos Nxlog ✓ 3 years ago (Last updated 3 years ago )

#1 lokeliu

hello i have i question about windows 2012 > nxlog ce > graylog my nxlog-ce ver is 2.10.2150 question : my nxlog-ce to graylog have question but the log is not go to graylog so im open windows taskmgr to see nxlog.exe PID and Internet connection nxlog source ip and Destination is "ipv4 Loopback " 2.nxlog log : WARNING The following sources are omitted to avoid exceeding the limit in the generated query: Microsoft-Windows-Workplace Join/Admin Microsoft-Windows-WPD-ClassInstaller/Operational Microsoft-Windows-WPD-CompositeClassDriver/Operational Microsoft-Windows-WPD-MTPClassDriver/Operational Microsoft-WS-Licensing/Admin Setup WitnessClientAdmin my nxlog.conf Panic Soft #NoFreeOnExit TRUE define ROOT C:\Program Files (x86)\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data <Extension _syslog> Module xm_gelf </Extension> <Input in> Module im_msvistalog </Input> <Output out> Module om_udp Host Port 10554 OutputType GELF </Output> <Route 1> Path in => out </Route> so how can i do to Solve the problem please help me thx~~

Hi, is graylog definitely listening to UDP/10554 on your localhost? You could double check by running:

netstat -bano | find ":10554"

Thanks