Windows cannot forward the Event Log to Graylog on its own; it needs an agent that speaks a format Graylog accepts. We will use nxlog as that agent to send logs from the Windows host to the Graylog server.
Download and install nxlog as shown in the slides below:
After the installation completes, open the nxlog.conf file:
Add the following lines to nxlog.conf:
############## Extensions ############################
<Extension _gelf>
    Module xm_gelf
</Extension>

############## Inputs ################################
<Input in>
    Module im_msvistalog
    # For Windows 2003 and earlier use the following instead:
    # Module im_mseventlog
</Input>

############## Outputs ###############################
<Output out>
    Module om_udp
    Host 172.16.10.51
    Port 12201
    OutputType GELF
</Output>

############## Routes ################################
<Route 1>
    Path in => out
</Route>
Then start the nxlog service as shown below:
That completes the configuration on the Windows server. Now we move to the Graylog server and create an input to receive the logs. Message inputs are the Graylog components responsible for accepting log messages.
Graylog supports many input types; we will use GELF UDP.
Log in to Graylog, go to System -> Inputs, choose GELF UDP from the list and click Launch new input.
Then fill in all required fields as below and click Save:
Click "Show received messages" to view the logs:
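As a check before rolling nxlog out to every host, and to show what actually travels over the GELF UDP input just created, here is an added example (not part of the original article, and not nxlog's or Graylog's own code) that builds a GELF 1.1 message, compresses and chunks it the way a UDP sender must, reassembles and validates datagrams the way the Graylog input does, and can send one constructed test event to the input. The Graylog address and port 12201 come from the configuration above; the "gelf_smoke_test" source value, the helper names and the sample messages are assumptions made for this example. It goes a little beyond the page by handling plain, zlib, gzip and chunked datagrams rather than only the default case.

```python
"""Constructed example: build, chunk, send and parse GELF UDP datagrams.

GELF (Graylog Extended Log Format) is what nxlog's xm_gelf extension emits
through om_udp. A GELF UDP datagram is JSON, optionally zlib- or
gzip-compressed, and payloads that exceed one datagram are split into chunks
carrying a 12-byte header (magic, 8-byte message id, sequence number, count).
"""
import gzip
import json
import os
import socket
import time
import zlib

CHUNK_MAGIC = b"\x1e\x0f"        # marks a chunked GELF datagram
CHUNK_PAYLOAD = 8192 - 12        # GELF's 8192-byte chunk size minus the header
MAX_CHUNKS = 128                 # the GELF spec allows at most 128 chunks
REQUIRED = ("version", "host", "short_message")


def build_gelf(host, short_message, level=6, **extra):
    """Return a GELF 1.1 JSON payload. Additional fields get the '_' prefix the
    spec requires; '_id' is reserved by Graylog and is rejected here."""
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": round(time.time(), 3), "level": level}   # 6 = informational
    for key, value in extra.items():
        if key == "id":
            raise ValueError("'_id' is reserved by Graylog")
        msg["_" + key] = value
    return json.dumps(msg).encode("utf-8")


def compress(payload, method="zlib"):
    """nxlog compresses GELF UDP with zlib by default; gzip is also accepted."""
    if method == "zlib":
        return zlib.compress(payload)
    if method == "gzip":
        return gzip.compress(payload)
    if method == "none":
        return payload
    raise ValueError("unknown compression: %s" % method)


def chunk(payload, message_id=None):
    """Split a (possibly compressed) payload into GELF UDP chunk datagrams."""
    message_id = message_id or os.urandom(8)
    pieces = [payload[i:i + CHUNK_PAYLOAD] for i in range(0, len(payload), CHUNK_PAYLOAD)]
    if len(pieces) > MAX_CHUNKS:
        raise ValueError("GELF allows at most %d chunks per message" % MAX_CHUNKS)
    return [CHUNK_MAGIC + message_id + bytes([seq, len(pieces)]) + piece
            for seq, piece in enumerate(pieces)]


def decode(payload):
    """Decompress (by magic bytes) and validate one complete GELF payload."""
    if payload[:2] == b"\x1f\x8b":          # gzip magic
        payload = gzip.decompress(payload)
    elif payload[:1] == b"\x78":            # zlib header
        payload = zlib.decompress(payload)
    msg = json.loads(payload.decode("utf-8"))
    missing = [f for f in REQUIRED if f not in msg]
    if missing:
        raise ValueError("GELF message missing required fields: %s" % missing)
    return msg


class Reassembler:
    """Collects chunks per message id as a Graylog GELF UDP input does; chunk
    sets that do not complete within `timeout` seconds are dropped."""

    def __init__(self, timeout=5.0):
        self.timeout = timeout
        self.pending = {}    # message id -> (first seen, chunk count, {seq: data})

    def feed(self, datagram, now=None):
        """Feed one datagram; return the decoded message when complete, else None."""
        now = time.time() if now is None else now
        self._expire(now)
        if datagram[:2] != CHUNK_MAGIC:
            return decode(datagram)
        mid, seq, total = datagram[2:10], datagram[10], datagram[11]
        _, _, parts = self.pending.setdefault(mid, (now, total, {}))
        parts[seq] = datagram[12:]
        if len(parts) == total:
            del self.pending[mid]
            return decode(b"".join(parts[i] for i in range(total)))
        return None

    def _expire(self, now):
        stale = [m for m, (t, _, _) in self.pending.items() if now - t > self.timeout]
        for mid in stale:
            del self.pending[mid]


def send_test_message(host, port=12201, method="zlib"):
    """Send one constructed GELF event to a Graylog GELF UDP input (smoke test).
    Returns the number of datagrams sent."""
    payload = compress(build_gelf(socket.gethostname(), "nxlog GELF UDP smoke test",
                                  source="gelf_smoke_test"), method)
    datagrams = chunk(payload)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for datagram in datagrams:
            sock.sendto(datagram, (host, port))
    return len(datagrams)
```

Call send_test_message("172.16.10.51") from a host that can reach the Graylog input; the event should then appear under Show received messages, with a source field of gelf_smoke_test. GELF UDP is neither acknowledged nor encrypted, so a dropped, truncated or forged datagram is invisible to the sender; that is the trade-off for its simplicity, and it is why chunk sets that never complete are silently discarded after five seconds, as the Reassembler above also does.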
Logs received:
That's all. I hope this article was helpful for you, and you can look at other articles about Graylog here: Graylog log management