Did you start the tcp gelf input in the Graylog ui? Did you opened port 12201 in the security group for the ec2 vm?
On 24 May 2016 at 16:07, rvb n <nithiyanandams...@gmail.com> wrote: > Now nxlog is only one instance is running. no log received in GL. > > On Tuesday, 24 May 2016 19:20:45 UTC+5:30, Marius Sturm wrote: >> >> NXlog is telling you already what the problem is: ERROR Service is >> already running >> There is another nxlog instance running, stop that process before >> starting a new one. >> >> On 24 May 2016 at 15:41, rvb n <nithiyan...@gmail.com> wrote: >> >>> Marius , >>> >>> I changed config as you said in nxlog and i stopped sidecar and i >>> started nxlog >>> >>> 2016-05-24 18:57:09 INFO nxlog-ce-2.9.1504 started >>> 2016-05-24 18:57:09 INFO connecting to 52.207.254.128:12201 >>> 2016-05-24 18:57:15 ERROR Service is already running >>> 2016-05-24 18:57:20 ERROR Service is already running >>> >>> still i have not received any log. can you please ask some question like >>> cross check so that can correct my mistake. pls sorry again >>> >>> On Tuesday, 24 May 2016 18:47:18 UTC+5:30, Marius Sturm wrote: >>>> >>>> With Graylog it's easier to use Gelf instead of syslog. Replace the >>>> syslog extension block with: >>>> >>>> <Extension gelf> >>>> Module xm_gelf >>>> </Extension> >>>> >>>> and replace the output block with: >>>> >>>> <Output out> >>>> Module om_tcp >>>> Host 52.207.254.128 >>>> Port 12201 >>>> OutputType GELF_TCP >>>> </Output> >>>> >>>> >>>> On 24 May 2016 at 15:09, rvb n <nithiyan...@gmail.com> wrote: >>>> >>>>> This is my nxlog config >>>>> >>>>> ## This is a sample configuration file. See the nxlog reference manual >>>>> about the >>>>> ## configuration options. It should be installed locally and is also >>>>> available >>>>> ## online at http://nxlog.org/docs/ >>>>> >>>>> ## Please set the ROOT to the folder your nxlog was installed into, >>>>> ## otherwise it will not start. >>>>> >>>>> #define ROOT C:\Program Files\nxlog >>>>> define ROOT C:\Program Files (x86)\nxlog >>>>> >>>>> Moduledir %ROOT%\modules >>>>> CacheDir %ROOT%\data >>>>> Pidfile %ROOT%\data\nxlog.pid >>>>> SpoolDir %ROOT%\data >>>>> LogFile %ROOT%\data\nxlog.log >>>>> >>>>> <Extension _syslog> >>>>> Module xm_syslog >>>>> </Extension> >>>>> >>>>> <Input in> >>>>> Module im_msvistalog >>>>> # For windows 2003 and earlier use the following: >>>>> # Module im_mseventlog >>>>> </Input> >>>>> >>>>> <Output out> >>>>> Module om_tcp >>>>> Host 52.207.254.128 >>>>> Port 12201 >>>>> # Exec to_syslog_snare(); >>>>> </Output> >>>>> >>>>> <Route 1> >>>>> Path in => out >>>>> </Route> >>>>> >>>>> >>>>> On Tuesday, 24 May 2016 18:23:16 UTC+5:30, Marius Sturm wrote: >>>>>> >>>>>> In this scenario I would start with nxlog only. You don't need >>>>>> necessarily >>>>>> the sidecar for a first experiment. Just start nxlog with a proper >>>>>> configuration and see if you receive events in Graylog. >>>>>> >>>>>> On 24 May 2016 at 14:42, rvb n <nithiyan...@gmail.com> wrote: >>>>>> >>>>>>> Hi >>>>>>> >>>>>>> I know am disturbing you , but i have no option sorry, i am very new >>>>>>> to graylog so pls help me. as you said i have changed config in nxlog >>>>>>> after >>>>>>> that am getting this error. >>>>>>> >>>>>>> 016-05-24 18:07:12 ERROR failed to open C:\Program Files >>>>>>> (x86)\graylog\collector-sidecar; Access is denied. >>>>>>> 2016-05-24 18:07:20 ERROR failed to open C:\Program Files >>>>>>> (x86)\graylog\collector-sidecar; Access is denied. >>>>>>> 2016-05-24 18:07:36 ERROR failed to open C:\Program Files >>>>>>> (x86)\graylog\collector-sidecar; Access is denied. >>>>>>> 2016-05-24 18:08:08 ERROR failed to open C:\Program Files >>>>>>> (x86)\graylog\collector-sidecar; Access is denied. >>>>>>> 2016-05-24 18:09:12 ERROR failed to open C:\Program Files >>>>>>> (x86)\graylog\collector-sidecar; Access is denied. >>>>>>> >>>>>>> >>>>>>> On Tuesday, 24 May 2016 17:43:15 UTC+5:30, Marius Sturm wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> you have to start an input on the Graylog AMI by going to System -> >>>>>>>> Inputs. You can take a Gelf-TCP input for example. And then configure >>>>>>>> nxlog >>>>>>>> to send to the AMI IP like: >>>>>>>> >>>>>>>> <Output out> >>>>>>>> Module om_tcp >>>>>>>> Host 52.207.254.128 >>>>>>>> Port 12201 >>>>>>>> OutputType GELF_TCP >>>>>>>> </Output> >>>>>>>> >>>>>>>> Make sure that the port 12201 is open from your local machine by >>>>>>>> setting the security group right in EC2. >>>>>>>> >>>>>>>> On 24 May 2016 at 13:39, rvb n <nithiyan...@gmail.com> wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> *This is my collector -sidecar config* >>>>>>>>> >>>>>>>>> server_url: http://52.207.254.128:12900 >>>>>>>>> node_id: graylog-collector-sidecar >>>>>>>>> collector_id: file:C:\Program Files >>>>>>>>> (x86)\graylog\collector-sidecar\collector-id >>>>>>>>> tags: windows >>>>>>>>> log_path: C:\Program Files (x86)\graylog\collector-sidecar >>>>>>>>> update_interval: 10 >>>>>>>>> backends: >>>>>>>>> - name: nxlog >>>>>>>>> enabled: true >>>>>>>>> binary_path: C:\Program Files (x86)\nxlog\nxlog.exe >>>>>>>>> configuration_path: C:\Program Files >>>>>>>>> (x86)\graylog\collector-sidecar\generated\nxlog.conf >>>>>>>>> >>>>>>>>> *This is my nxlog.conf* >>>>>>>>> >>>>>>>>> ## This is a sample configuration file. See the nxlog reference >>>>>>>>> manual about the >>>>>>>>> ## configuration options. It should be installed locally and is >>>>>>>>> also available >>>>>>>>> ## online at http://nxlog.org/docs/ >>>>>>>>> >>>>>>>>> ## Please set the ROOT to the folder your nxlog was installed into, >>>>>>>>> ## otherwise it will not start. >>>>>>>>> >>>>>>>>> #define ROOT C:\Program Files\nxlog >>>>>>>>> define ROOT C:\Program Files (x86)\nxlog >>>>>>>>> >>>>>>>>> Moduledir %ROOT%\modules >>>>>>>>> CacheDir %ROOT%\data >>>>>>>>> Pidfile %ROOT%\data\nxlog.pid >>>>>>>>> SpoolDir %ROOT%\data >>>>>>>>> LogFile %ROOT%\data\nxlog.log >>>>>>>>> >>>>>>>>> <Extension _syslog> >>>>>>>>> Module xm_syslog >>>>>>>>> </Extension> >>>>>>>>> >>>>>>>>> <Input in> >>>>>>>>> Module im_msvistalog >>>>>>>>> # For windows 2003 and earlier use the following: >>>>>>>>> # Module im_mseventlog >>>>>>>>> </Input> >>>>>>>>> >>>>>>>>> <Output out> >>>>>>>>> Module om_tcp >>>>>>>>> Host 192.168.1.102 >>>>>>>>> Port 514 >>>>>>>>> Exec to_syslog_snare(); >>>>>>>>> </Output> >>>>>>>>> >>>>>>>>> <Route 1> >>>>>>>>> Path in => out >>>>>>>>> </Route> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "Graylog Users" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to graylog2+u...@googlegroups.com. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com >>>>>>>>> <https://groups.google.com/d/msgid/graylog2/752e795a-2f56-4368-9bdf-02e22bddb12d%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Developer >>>>>>>> >>>>>>>> Tel.: +49 (0)40 609 452 077 >>>>>>>> Fax.: +49 (0)40 609 452 078 >>>>>>>> >>>>>>>> TORCH GmbH - A Graylog Company >>>>>>>> Poolstraße 21 >>>>>>>> 20335 Hamburg >>>>>>>> Germany >>>>>>>> >>>>>>>> https://www.graylog.com <https://www.torch.sh/> >>>>>>>> >>>>>>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 >>>>>>>> Geschäftsführer: Lennart Koopmann (CEO) >>>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Graylog Users" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to graylog2+u...@googlegroups.com. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/graylog2/46d34ec3-ea34-476e-ab28-03edc5a7ec94%40googlegroups.com >>>>>>> <https://groups.google.com/d/msgid/graylog2/46d34ec3-ea34-476e-ab28-03edc5a7ec94%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Developer >>>>>> >>>>>> Tel.: +49 (0)40 609 452 077 >>>>>> Fax.: +49 (0)40 609 452 078 >>>>>> >>>>>> TORCH GmbH - A Graylog Company >>>>>> Poolstraße 21 >>>>>> 20335 Hamburg >>>>>> Germany >>>>>> >>>>>> https://www.graylog.com <https://www.torch.sh/> >>>>>> >>>>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 >>>>>> Geschäftsführer: Lennart Koopmann (CEO) >>>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Graylog Users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to graylog2+u...@googlegroups.com. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/graylog2/07152207-be40-45fc-ab3a-99b392120390%40googlegroups.com >>>>> <https://groups.google.com/d/msgid/graylog2/07152207-be40-45fc-ab3a-99b392120390%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> >>>> >>>> -- >>>> Developer >>>> >>>> Tel.: +49 (0)40 609 452 077 >>>> Fax.: +49 (0)40 609 452 078 >>>> >>>> TORCH GmbH - A Graylog Company >>>> Poolstraße 21 >>>> 20335 Hamburg >>>> Germany >>>> >>>> https://www.graylog.com <https://www.torch.sh/> >>>> >>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 >>>> Geschäftsführer: Lennart Koopmann (CEO) >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Graylog Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to graylog2+u...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/graylog2/12c0f416-205f-4aad-878e-9ce816915dfb%40googlegroups.com >>> <https://groups.google.com/d/msgid/graylog2/12c0f416-205f-4aad-878e-9ce816915dfb%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Developer >> >> Tel.: +49 (0)40 609 452 077 >> Fax.: +49 (0)40 609 452 078 >> >> TORCH GmbH - A Graylog Company >> Poolstraße 21 >> 20335 Hamburg >> Germany >> >> https://www.graylog.com <https://www.torch.sh/> >> >> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 >> Geschäftsführer: Lennart Koopmann (CEO) >> > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to graylog2+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/c9299372-b323-46ff-adfc-e06a16aad7f9%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/c9299372-b323-46ff-adfc-e06a16aad7f9%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Developer Tel.: +49 (0)40 609 452 077 Fax.: +49 (0)40 609 452 078 TORCH GmbH - A Graylog Company Poolstraße 21 20335 Hamburg Germany https://www.graylog.com <https://www.torch.sh/> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 Geschäftsführer: Lennart Koopmann (CEO) -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAMqbBbJgMf1eLrb3iEpsQs%2BpRVxnDK_ae9tBSHdcfU5uO7vYDA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
