5 responses

aurox3d_fc
Hi,
Regarding the Elasticsearch module: Currently, I am using NXLog Manager and the NXLog agent, and I want to send the log to Elasticsearch. Where should I put the Elastic username and password in the NXLog config file?
Thanks
Asked January 20, 2021 - 3:20am

raf
Hello,
Correct me if I am wrong - are you using om_elasticsearch in your setup? Have you already checked the om_elasticsearch documentation?
Thanks,
Rafal
Answered January 20, 2021 - 3:22pm

Comments (4)

aurox3d
Hi Rafal,
Yes, using om_elasticsearch. I already tested the AddHeader for sending the Elastic basic authentication header, but it seems not to be working.
Thanks
January 21, 2021 - 4:59am

raf (NXLog)
That's unexpected.
Would you mind sharing your full nxlog.conf file?
Thanks,
Rafal
January 21, 2021 - 1:44pm

aurox3d
Hi Raf,
Below is my nxlog.conf for om_elastic

LogLevel INFO
Logfile %LOGDIR%/nxlog.log

<Extension agent_managment>
    Module xm_soapadmin
    Connect 10.1.1.127
    Port 4041
    SocketType SSL
    CAFile %CERTDIR%/agent-ca.pem
    CertFile %CERTDIR%/agent-cert.pem
    CertKeyFile %CERTDIR%/agent-key.pem
    AllowUntrusted FALSE
    RequireCert TRUE
    <ACL conf>
        Directory %CONFDIR%
        AllowRead TRUE
        AllowWrite TRUE
    </ACL>
    <ACL cert>
        Directory %CERTDIR%
        AllowRead TRUE
        AllowWrite TRUE
    </ACL>
</Extension>

<Processor buffer>
    Module pm_buffer
    WarnLimit 102400
    MaxSize 102400
    Type Disk
</Processor>

<Input Windows Event>
    Module im_mseventlog
    SavePos TRUE
</Input>

<Output ELK>
    Module om_elasticsearch
    URL http://10.1.1.134:9200
    Index strftime($EventTime, "test-%Y%m%d")
    AddHeader Authorization: "Basic ZWxfc3RpYzoqWURAUk21ZbmV9"
</Output>

<Route Windows_Event>
    Priority 1
    Path Windows Event => buffer => ELK
</Route>

Thanks
January 23, 2021 - 4:23pm

konstantinos (NXLog)
Hi there,
Do you get an ERROR in your /opt/nxlog/var/log/nxlog/nxlog.log similar to:

[om_elasticsearch|elasticsearch] HTTP response status is not OK: 401 Unauthorized

Can you try formatting the header as shown below:

AddHeader Authorization: Basic ZWxhc3RpYzokWSRAUk1ZbmV0==

Are you able to log in when using a simple curl from the host running your nxlog?

curl -vv --user elastic https://10.1.1.134:9200

Also, please try formatting the URL in your config as follows:

URL http://10.1.1.134:9200/_bulk

Thanks,
Konstantinos
January 22, 2021 - 4:19pm
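Added example, not part of the original thread and not NXLog code: a small Python check for the `AddHeader Authorization:` line discussed above, which builds a Basic value and reports common reasons such a header ends in `401 Unauthorized`. The function names and the sample credentials are constructed for illustration, and treating a quoted value as a problem is an assumption based on the unquoted form suggested in the thread.

```python
import base64
import binascii
import re

def basic_auth_value(user, password):
    """Build 'Basic <base64(user:password)>' for an Authorization header."""
    raw = f"{user}:{password}".encode("utf-8")  # no trailing newline
    return "Basic " + base64.b64encode(raw).decode("ascii")

def check_addheader(line):
    """Return a list of problems in an 'AddHeader Authorization: ...' line."""
    m = re.match(r"\s*AddHeader\s+Authorization:\s*(.*?)\s*$", line)
    if not m:
        return ["not an AddHeader Authorization line"]
    value, problems = m.group(1), []
    if value.startswith(('"', "'")) or value.endswith(('"', "'")):
        # Assumption: quotes are flagged because the thread suggests the unquoted form.
        problems.append("value is quoted")
        value = value.strip("\"'")
    scheme, _, token = value.partition(" ")
    if scheme != "Basic" or not token:
        return problems + ["expected 'Basic <token>'"]
    if len(token) % 4:
        return problems + ["token length is not a multiple of 4 (bad '=' padding?)"]
    try:
        decoded = base64.b64decode(token, validate=True)
    except binascii.Error:
        return problems + ["token is not valid base64"]
    if b":" not in decoded:
        problems.append("decoded token has no ':' between user and password")
    if decoded.endswith((b"\n", b"\r")):
        problems.append("decoded token ends with a newline (encoded with echo?)")
    return problems

if __name__ == "__main__":
    # Constructed sample credentials, not taken from the thread.
    good = "AddHeader Authorization: " + basic_auth_value("elastic", "example-pw")
    for sample in (good, good.replace("Basic ", '"Basic ') + '"', good[:-1]):
        print(check_addheader(sample) or "ok", "<-", sample)
```

Base64 is an encoding, not encryption, so with a plain `http://` URL the header carries the username and password in clear text on the wire.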