1
response

I've been using NXLog to monitor a simple log file from an application and send it to Graylog using GELF. Very simple, very efficient, and it works just like I want it to. Now I want to monitor a 2nd log file from another application and send that to a separate input in Graylog (also using GELF). I thought it would be quick and simple to add the 2nd log file as another om_file imput and add a 2nd output to route the log file to. But for some reason, I just can't get the 2nd input/output to work. Here is my nxlog.conf file:

########################################
User nxlog
Group nxlog

LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

########################################
# Modules                              #
########################################
<Extension _gelf>
    Module      xm_gelf
</Extension>

<Input APP1>
    Module      im_file
    File        "/var/log/logfile1.txt"
</Input>

<Input APP2>
    Module      im_file
    File        "/var/log/logfile2.txt"
</Input>

<Output Graylog1>
    Module      om_udp
    Host        192.168.0.100
    Port        12201
    OutputType  GELF
</Output>

<Output Graylog2>
    Module      om_udp
    Host        192.168.0.100
    Port        12203
    OutputType  GELF
</Output>


########################################
# Routes                               #
########################################
<Route graylog_1>
    Path        APP1=> Graylog1
</Route>
<Route graylog_2>
    Path        APP2 => Graylog2
</Route>

What I've found is that if I also route the logfile2.txt to Graylog1, it works just fine. So both log files can be sent to Graylog1. But when I add that 2nd output, Graylog2, and route logfile2.txt to it, I never get any of those messages in Graylog. I know this isn't a Graylog forum, but am I missing something in my nxlog.conf or should I be looking more at the Graylog server?

AskedMarch 16, 2021 - 4:56pm

Answer (1)

Hi,

I don't see any obvious error here.

Are you sure your Graylog instance is listening on both ports that you declared here? I'd suggest checking if both UDP connections are established at all.

Regards,
Rafal