I have a Log directory at C:\Logs, and in that directory are, say, 5 different 
logs per day, by application, e.g. app1-07262016.log, app2-07262016.log, 
etc. I want to watch these logs and send them over to Graylog.

I have nxlog installed on the Windows server along with sidecar. I've 
set up a Syslog/UDP input and it's collecting info from these logs. However, 
the formatting isn't allowing for accurate searching. For example, 
everything is in the message:

<https://lh3.googleusercontent.com/-UeoiAwYZPag/V5fTiXMERzI/AAAAAAAAAQg/1KiAdI4zhIs_8EsUjyq4e1fKWus4vr20wCLcB/s1600/Screenshot%2Bfrom%2B2016-07-26%2B15-17-07.png>
In this example I'm unable to search for instances where the "level" = 
something. This one shows Debug, but I'd want to eventually set up alerts 
for "level=Fatal". I assume that this is a result of how I've set up the 
nxlog.conf or created the input. The raw logs, as they are now, are pumped 
into Splunk and I can easily search for host=something level=Fatal and 
create an alert on that query.


nxlog.conf which I cobbled together from various online sources:

define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log


<Extension syslog>
 Module xm_syslog
</Extension>


<Input in>
 Module im_file
 File 'c:\\Logs\\*.log'
 SavePos TRUE
 ReadFromLast TRUE
 Recursive TRUE
 PollInterval 1
</Input>


<Output out>
 Module om_udp
 Host XXX.XXX.XXX.XXX
 Port 5555
 Exec to_syslog_bsd();
</Output>
 
<Route>
 # Path must name the Input instance defined above ("in")
 Path in => out
</Route>


Any tips or ideas?
