1
answer

Hi guys,

 

I need help about NXlog with graylog, on my 2008 server my nxlog send correctly log to my graylog server but i cant see lvl and facility off all logs :-(. like :

facility : Unknown and level Invalid [-1]

plz see my nxlog config :

 <Extension gelf>
Module xm_gelf
</Extension>
 
 <Extension syslog>
    Module    xm_syslog
</Extension>

<Input eventlog>
Module im_msvistalog
# this kinda works for me, put * to get everything
Query <QueryList>\
<Query Id="0">\
<Select Path='Application'>*[Application/Level=2][Application/Level=3][Application/Level=1]</Select>\
<Select Path='System'>*[system/Level=2][system/Level=3][system/Level=1]</Select>\
<Select Path='Security'>*</Select>\
<Select Path='Setup'>*</Select>\
</Query>\
</QueryList>
</Input>

<Output out>
    Module      om_udp
    Host        10.0.0.202
    Port           9000
</Output>

<Route 1>
    Path        eventlog => out
</Route>

 

btw i tried to use GELF out type but all messages in graylog was ���������������

hope u will help me

Regards,

 

Gael

AskedJune 10, 2015 - 4:39pm

Answer (1)

See the example in the NXLog Reference Manual. You need the following:

OutputType  GELF_UDP
AnsweredJune 10, 2015 - 5:34pm

Comments (3)

  • adm's picture
    (NXLog)

    Perhaps you need to configure the graylog side to be expecting GELF.  Please ask the graylog folks about that.

    I'm pretty sure that's a configuration issue at your end since this works well with graylog for many users.

     

    June 11, 2015 - 10:03am
  • gsevestre's picture

    yes that what i thinking.

     

    thank you for your answers.

     

    regards,

     

    gael

    June 11, 2015 - 10:05am