Graylog – Monitor your logs from syslog, nxlog, ossec

http://docs.graylog.org/en/latest/pages/collector_sidecar.html

https://tom-henderson.github.io/2015/04/15/graylog.html


https://groups.google.com/forum/#!topic/graylog2/8Y5r46Yv_BI

This is a working NXLOG configuration. You can use this as an example.
Cheers.
Mehmet
########################################
# Global directives                    #
########################################

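# nxlog runs as root here; the commented-out alternative runs it as the
# unprivileged nxlog user, which then needs read access to the input files.
User root
#User nxlog

Group nxlog
LogFile /var/log/nxlog/nxlog.log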
LogLevel INFO

########################################
# Modules                              #
########################################

<Extension gelf>
Module      xm_gelf
</Extension>

<Input in1>
Module      im_file
File        "/var/log/messages"
SavePos     TRUE
</Input>

<Input access_log>
Module  im_file
File    "/var/log/httpd/access_log"
# Split each Apache combined-format line into named fields
Exec    if $raw_event =~ /^(\S+) (\S+) (\S+) \[([^\]]+)\] \"(\S+) (.+) HTTP.\d\.\d\" (\d+) (\d+) \"([^\"]+)\" \"([^\"]+)\"/\
{ \
$Hostname = $1; \
if $3 != '-' $AccountName = $3; \
$EventTime = parsedate($4); \
$HTTPMethod = $5; \
$HTTPURL = $6; \
$HTTPResponseStatus = $7; \
$FileSize = $8; \
$HTTPReferer = $9; \
$HTTPUserAgent = $10; \
}
</Input>

<Output graylog_out>
Module      om_udp
Host        192.168.100.111
Port        12201
OutputType  GELF_UDP
</Output>

########################################
# Routes                               #
########################################
<Route 1>

Path        in1 => graylog_out
</Route>

<Route 2>
Path        access_log => graylog_out
</Route>
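
The regex in the access_log input above can be checked offline before the configuration is deployed. This Python sketch is an added example, not part of the forum post or of NXLog: it applies the same pattern to two constructed log lines and builds a GELF 1.1 payload, assuming a simplified field mapping (Hostname as host, every other field prefixed with "_") rather than xm_gelf's exact output.

```python
import json
import re
import zlib
from datetime import datetime

# Python form of the regex in the access_log Exec block (same groups, same order).
ACCESS_RE = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] "(\S+) (.+) HTTP.\d\.\d" '
    r'(\d+) (\d+) "([^"]+)" "([^"]+)"'
)

def parse_access_line(line):
    """Return the fields the Exec block would set, or None if the regex fails."""
    m = ACCESS_RE.match(line)
    if m is None:
        return None  # the Exec body is skipped, so no fields are extracted
    fields = {
        "Hostname": m.group(1),
        "EventTime": datetime.strptime(m.group(4), "%d/%b/%Y:%H:%M:%S %z"),
        "HTTPMethod": m.group(5),
        "HTTPURL": m.group(6),
        "HTTPResponseStatus": m.group(7),
        "FileSize": m.group(8),
        "HTTPReferer": m.group(9),
        "HTTPUserAgent": m.group(10),
    }
    if m.group(3) != "-":
        fields["AccountName"] = m.group(3)
    return fields

def to_gelf_payload(line, fields):
    """Build a zlib-compressed GELF 1.1 payload (assumed mapping, see lead-in)."""
    msg = {"version": "1.1", "host": fields["Hostname"], "short_message": line,
           "timestamp": fields["EventTime"].timestamp()}
    for name, value in fields.items():
        if name not in ("Hostname", "EventTime"):
            msg["_" + name] = value  # GELF additional fields carry a "_" prefix
    return zlib.compress(json.dumps(msg).encode("utf-8"))

# Constructed sample lines; the second has "-" as the byte count (e.g. a 304).
SAMPLES = [
    '192.0.2.10 - alice [17/Oct/2016:10:15:32 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [17/Oct/2016:10:15:40 +0000] "GET /logo.png HTTP/1.1" 304 - "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        parsed = parse_access_line(line)
        print("matched " if parsed else "NO MATCH", "|", line)
```

The second sample is rejected because `(\d+)` does not accept the "-" that Apache writes for an empty response body, so such lines reach Graylog without the extracted HTTP fields.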

 


http://www.emind.co/how-to/configure-nxlog-send-logs-to-graylog2/

Configure NXlog send logs to Graylog2

OS: CentOS 6.3 x86_64
Graylog2-Server Version: 0.11.0
Graylog2-web-interface Version: 0.11.0
NXlog Version: nxlog-ce-2.2
Hardware: Virtual Box 4.2.8

About

NXlog is a great tool for sending your log files to a graylog2 server.

In this guide I will show how to install nxlog with a simple configuration that makes it read messages from a local file and send them to a graylog2 server.

Install NXlog

  • Download and install nxlog
  • Download and extract graylog2-radio
cd /usr/local/src
wget http://sourceforge.net/projects/nxlog-ce/files/nxlog-ce-2.3.1027-1.x86_64.rpm
yum localinstall nxlog-ce-*.rpm -y
  • Configure NXlog to send logs to graylog2 server
vi /etc/nxlog.conf
########################################
# Global directives                    #
########################################
User nxlog
Group nxlog

LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

########################################
# Modules                              #
########################################
<Extension gelf>
    Module      xm_gelf
</Extension>

<Input in>
        Module  im_file
        File    "/var/log/messages"
</Input>

<Output out>
    Module      om_udp
    Host        graylog2-server.local
    Port        12201
    OutputType  GELF
</Output>

########################################
# Routes                               #
########################################
<Route r>
    Path        in => out
</Route>
  • Configure NXlog to start at boot and start it
chkconfig nxlog on
service nxlog start

That’s all. Now you can check your new log messages in the graylog2 server.


Useful links: