No output.

[gdolidze]

linux is good but having trouble on windows side now.


## See the nxlog reference manual at
## http://nxlog.org/nxlog-docs/en/nxlog-re ... anual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define CERT %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

# Include fileop while debugging, also enable in the output module below
#<Extension fileop>
# Module xm_fileop
#</Extension>

<Extension json>
Module xm_json
</Extension>

<Extension syslog>
Module xm_syslog
</Extension>

<Input internal>
Module im_internal
</Input>

# Watch your own files
<Input file1>
Module im_file
File '%ROOT%\data\nxlog.log'
SavePos TRUE
</Input>

# Windows Event Log
<Input eventlog>
# Uncomment im_msvistalog for Windows Vista/2008 and later
Module im_msvistalog

# Uncomment im_mseventlog for Windows XP/2000/2003
# Module im_mseventlog
</Input>

<Output out>
Module om_tcp
Host 10.1.1.154
Port 3515

Exec $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
Exec $raw_event = to_json();

# Uncomment for debug output
# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>

<Route 1>
Path internal, file1, eventlog => out
</Route>

[jolson]

What kind of problem are you having? Your posted configuration is a working one. I assume you've already installed nxlog, modified the configuration file, and restarted the service?

Jesse

[gdolidze]

Ya i did all that but i see nothing on the dashboard from that IP i only see the linux servers.

[jolson]

A few things come to mind.

1. The 'date' is being improperly set on your Windows Server logs. Try expanding your search to 'this month' and see if your Windows host shows up:

2015-06-12 14_03_20-Dashboard • Nagios Log Server - Firefox Developer Edition.png

2. The Windows Server isn't sending events at all. Please verify that the Windows Server is sending data by doing a tcpdump on your Nagios Log Server.

From the Nagios Log Server CLI:

Code: Select all

yum install -y tcpdump
tcpdump -n host 192.168.XXX.XXX

where 192.168.XXX.XXX is your Windows Server IP address.

[tmcdonald]

Any errors in the nxlog.log file on the Windows machine? It would be under C:\Program Files (x86)\nxlog\data or the equivalent path on your system.

What about on the Logserver machine? Anything under /var/log/logstash/logstash.log pertaining to a failed parse?

[gdolidze]

i just tried it on a another windows server same issue.
both are C:\Program Files (x86)\nxlog\conf

om C:\Program Files (x86)\nxlog\data/nxlog i see
2015-06-12 14:15:20 INFO nxlog-ce-2.8.1248 started
2015-06-12 14:15:20 INFO connecting to 10.1.1.154:3515
2015-06-12 14:21:56 WARNING stopping nxlog service
2015-06-12 14:21:56 WARNING nxlog-ce received a termination request signal, exiting...
2015-06-12 14:25:05 INFO connecting to 10.1.1.154:3515
2015-06-12 14:25:05 INFO nxlog-ce-2.8.1248 started
2015-06-12 15:14:50 WARNING stopping nxlog service
2015-06-12 15:14:50 WARNING nxlog-ce received a termination request signal, exiting...
2015-06-12 15:14:54 INFO nxlog-ce-2.8.1248 started
2015-06-12 15:14:54 INFO connecting to 10.1.1.154:3515

also i am getting no config file found : /usr/local/nagioslogserver/logstash/etc/conf.d, can you make sure to validate logstashs configurations

[jolson]

also i am getting no config file found : /usr/local/nagioslogserver/logstash/etc/conf.d, can you make sure to validate logstashs configurations

This could be a problem. Please run the following command on your Nagios Log Server:

Code: Select all

cat /usr/local/nagioslogserver/logstash/etc/conf.d/*

Do your configurations show up properly?