Are there any corrections that I should make to this config to ensure all Windows Events from a server are being sent to a graylog instance?
On Wednesday, August 10, 2016 at 3:20:19 PM UTC-4, Jamie P wrote: > > I wanted to make sure if the following config would have nxlog send all > event logs on a Windows Server (Domain Controller or otherwise) to a > graylog instance. > > ## This is a sample configuration file. See the nxlog reference manual > about the > ## configuration options. It should be installed locally and is also > available > ## online at http://nxlog.org/docs/ > > ## Please set the ROOT to the folder your nxlog was installed into, > ## otherwise it will not start. > > #define ROOT C:\Program Files\nxlog > define ROOT C:\Program Files (x86)\nxlog > > Moduledir %ROOT%\modules > CacheDir %ROOT%\data > Pidfile %ROOT%\data\nxlog.pid > SpoolDir %ROOT%\data > LogFile %ROOT%\data\nxlog.log > > #<Extension _syslog> > # Module xm_syslog > #</Extension> > > <Extension gelf> > Module xm_gelf > </Extension> > > <Input in> > Module im_msvistalog > # For windows 2003 and earlier use the following: > # Module im_mseventlog > </Input> > > <Output out> > Module om_udp > Host 192.168.1.79 > Port 12201 > OutputType GELF > # Exec to_syslog_snare(); > </Output> > > <Route 1> > Path in => out > </Route> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/affa0856-7ceb-44cd-b9c2-ecbb376f7f9e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.