5
responses
responses
Answer (1)
raf
Hello,
Correct me if I am wrong - are you using om_elasticsearch in your setup? Have you already checked the om_elasticsearch documentation?
Thanks,
Rafal
Hello,
Correct me if I am wrong - are you using om_elasticsearch in your setup? Have you already checked the om_elasticsearch documentation?
Thanks,
Rafal
Comments (4)
Hi Rafal,
Yes using om_elasticsearch, I already test the AddHeader for sending elastic basic authentication header but seems not working
Thanks
That's unexpected.
Would you mind sharing your full
nlog.conffile?Thanks,
Rafal
Hi Raf,
Below is my nxlog.conf for om_elastic
LogLevel INFO
Logfile %LOGDIR%/nxlog.log
<Extension agent_managment>
Module xm_soapadmin
Connect 10.1.1.127
Port 4041
SocketType SSL
CAFile %CERTDIR%/agent-ca.pem
CertFile %CERTDIR%/agent-cert.pem
CertKeyFile %CERTDIR%/agent-key.pem
AllowUntrusted FALSE
RequireCert TRUE
<ACL conf>
Directory %CONFDIR%
AllowRead TRUE
AllowWrite TRUE
</ACL>
<ACL cert>
Directory %CERTDIR%
AllowRead TRUE
AllowWrite TRUE
</ACL>
</Extension>
<Processor buffer>
Module pm_buffer
WarnLimit 102400
MaxSize 102400
Type Disk
</Processor>
<Input Windows Event>
Module im_mseventlog
SavePos TRUE
</Input>
<Output ELK>
Module om_elasticsearch
URL http://10.1.1.134:9200
Index strftime($EventTime, "test-%Y%m%d")
AddHeader Authorization: "Basic ZWxfc3RpYzoqWURAUk21ZbmV9"
</Output>
<Route Windows_Event>
Priority 1
Path Windows Event => buffer => ELK
</Route>
Thanks
Hi there,
Do you get an ERROR in your
/opt/nxlog/var/log/nxlog/nxlog.logsimilar to:[om_elasticsearch|elasticsearch] HTTP response status is not OK: 401 UnauthorizedCan you try formatting the header as shown below:
AddHeader Authorization: Basic ZWxhc3RpYzokWSRAUk1ZbmV0==are you able to login when using simple curl from the host running your nxlog?
curl -vv --user elastic https://10.1.1.134:9200Also please try formatting the URL in your config as follows
URL http://10.1.1.134:9200/_bulkThanks,
Konstantinos