With Graylog it's easier to use Gelf instead of syslog. Replace the syslog extension block with:

<Extension gelf>
    Module xm_gelf
</Extension>

and replace the output block with:

<Output out>
    Module om_tcp
    Host 52.207.254.128
    Port 12201
    OutputType GELF_TCP
</Output>

On 24 May 2016 at 15:09, rvb n <nithiyanandams...@gmail.com> wrote:

> This is my nxlog config
>
> ## This is a sample configuration file. See the nxlog reference manual about the
> ## configuration options. It should be installed locally and is also available
> ## online at http://nxlog.org/docs/
>
> ## Please set the ROOT to the folder your nxlog was installed into,
> ## otherwise it will not start.
>
> #define ROOT C:\Program Files\nxlog
> define ROOT C:\Program Files (x86)\nxlog
>
> Moduledir %ROOT%\modules
> CacheDir %ROOT%\data
> Pidfile %ROOT%\data\nxlog.pid
> SpoolDir %ROOT%\data
> LogFile %ROOT%\data\nxlog.log
>
> <Extension _syslog>
>     Module xm_syslog
> </Extension>
>
> <Input in>
>     Module im_msvistalog
>     # For windows 2003 and earlier use the following:
>     # Module im_mseventlog
> </Input>
>
> <Output out>
>     Module om_tcp
>     Host 52.207.254.128
>     Port 12201
>     # Exec to_syslog_snare();
> </Output>
>
> <Route 1>
>     Path in => out
> </Route>
>
> On Tuesday, 24 May 2016 18:23:16 UTC+5:30, Marius Sturm wrote:
>>
>> In this scenario I would start with nxlog only. You don't necessarily need
>> the sidecar for a first experiment. Just start nxlog with a proper
>> configuration and see if you receive events in Graylog.
>>
>> On 24 May 2016 at 14:42, rvb n <nithiyan...@gmail.com> wrote:
>>
>>> Hi
>>>
>>> I know I am disturbing you, but I have no option, sorry. I am very new to
>>> Graylog, so please help me. As you said, I have changed the config in nxlog;
>>> after that I am getting this error.
>>>
>>> 016-05-24 18:07:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>> 2016-05-24 18:07:20 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>> 2016-05-24 18:07:36 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>> 2016-05-24 18:08:08 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>> 2016-05-24 18:09:12 ERROR failed to open C:\Program Files (x86)\graylog\collector-sidecar; Access is denied.
>>>
>>> On Tuesday, 24 May 2016 17:43:15 UTC+5:30, Marius Sturm wrote:
>>>>
>>>> Hi,
>>>> you have to start an input on the Graylog AMI by going to System ->
>>>> Inputs. You can take a Gelf-TCP input for example. And then configure nxlog
>>>> to send to the AMI IP like:
>>>>
>>>> <Output out>
>>>>     Module om_tcp
>>>>     Host 52.207.254.128
>>>>     Port 12201
>>>>     OutputType GELF_TCP
>>>> </Output>
>>>>
>>>> Make sure that the port 12201 is open from your local machine by
>>>> setting the security group right in EC2.
>>>>
>>>> On 24 May 2016 at 13:39, rvb n <nithiyan...@gmail.com> wrote:
>>>>
>>>>> *This is my collector-sidecar config*
>>>>>
>>>>> server_url: http://52.207.254.128:12900
>>>>> node_id: graylog-collector-sidecar
>>>>> collector_id: file:C:\Program Files (x86)\graylog\collector-sidecar\collector-id
>>>>> tags: windows
>>>>> log_path: C:\Program Files (x86)\graylog\collector-sidecar
>>>>> update_interval: 10
>>>>> backends:
>>>>>     - name: nxlog
>>>>>       enabled: true
>>>>>       binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
>>>>>       configuration_path: C:\Program Files (x86)\graylog\collector-sidecar\generated\nxlog.conf
>>>>>
>>>>> *This is my nxlog.conf*
>>>>>
>>>>> ## This is a sample configuration file. See the nxlog reference manual about the
>>>>> ## configuration options. It should be installed locally and is also available
>>>>> ## online at http://nxlog.org/docs/
>>>>>
>>>>> ## Please set the ROOT to the folder your nxlog was installed into,
>>>>> ## otherwise it will not start.
>>>>>
>>>>> #define ROOT C:\Program Files\nxlog
>>>>> define ROOT C:\Program Files (x86)\nxlog
>>>>>
>>>>> Moduledir %ROOT%\modules
>>>>> CacheDir %ROOT%\data
>>>>> Pidfile %ROOT%\data\nxlog.pid
>>>>> SpoolDir %ROOT%\data
>>>>> LogFile %ROOT%\data\nxlog.log
>>>>>
>>>>> <Extension _syslog>
>>>>>     Module xm_syslog
>>>>> </Extension>
>>>>>
>>>>> <Input in>
>>>>>     Module im_msvistalog
>>>>>     # For windows 2003 and earlier use the following:
>>>>>     # Module im_mseventlog
>>>>> </Input>
>>>>>
>>>>> <Output out>
>>>>>     Module om_tcp
>>>>>     Host 192.168.1.102
>>>>>     Port 514
>>>>>     Exec to_syslog_snare();
>>>>> </Output>
>>>>>
>>>>> <Route 1>
>>>>>     Path in => out
>>>>> </Route>

--
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com <https://www.torch.sh/>

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Managing Director: Lennart Koopmann (CEO)
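
Added example, not part of the original thread: a small sender that checks a GELF TCP input independently of nxlog, so a closed port or wrong security group can be told apart from an nxlog configuration problem. It builds a GELF 1.1 message with the NUL-byte framing a GELF TCP input expects; the function names, the "win-test" host name and the loopback listener are assumptions made for this illustration.

```python
import json
import socket
import threading
import time

def build_gelf_frame(host, short_message, level=6, **extra):
    """One GELF 1.1 message framed for a GELF TCP input: JSON followed by a NUL byte."""
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": round(time.time(), 3), "level": level}
    for key, value in extra.items():
        if key == "id":  # "_id" is reserved by the GELF spec
            raise ValueError("_id is not allowed as an additional field")
        msg["_" + key] = value  # additional fields carry a "_" prefix
    return json.dumps(msg).encode("utf-8") + b"\x00"

def send_gelf(server, port, frame, timeout=5.0):
    """Send one frame; raises OSError if the port is closed or filtered."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(frame)

def loopback_roundtrip(frame):
    """Send the frame to a throwaway local listener and return the decoded messages."""
    received = bytearray()
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    def accept_one():
        conn, _ = listener.accept()
        with conn, conn.makefile("rb") as stream:
            received.extend(stream.read())  # read until the sender closes

    worker = threading.Thread(target=accept_one)
    worker.start()
    send_gelf("127.0.0.1", listener.getsockname()[1], frame)
    worker.join(timeout=5)
    listener.close()
    # Split on the NUL delimiter the way a GELF TCP input does.
    return [json.loads(part) for part in bytes(received).split(b"\x00") if part]

if __name__ == "__main__":
    # Constructed sample message; "win-test" is a made-up source host name.
    frame = build_gelf_frame("win-test", "GELF TCP connectivity test", source="manual")
    print(loopback_roundtrip(frame))
    # Against a real input: send_gelf("<graylog-host>", 12201, frame)
```

GELF TCP as configured in this thread is unencrypted, so the security group for port 12201 is best limited to the addresses of the hosts that ship logs.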