Hi there!
I know, this topic have been discussed many time before on this Platform, But i still have some issue with Receving Log from the Windows Platform to Logstash Server.
Logstash Server: Ubuntu.
i have tried to get the log Via NXlog and SysLog agent but it still doesnt work.
can someone pass me a link or any help , how to configure this.
thanks
What doesn't work? Are you talking about the Windows Event Log or text files? Is NXLog is able to read events but fails when shipping the messages? Is Logstash receiving the messages but not able to parse them correctly?
Hi there,
I have both Machine in the Same subnet and i can access the log from linux machine(Cent OS) via Logstash(agent) over the redis (Port 6379) but when i try to sip the logs from windows Machine to Logstash Server Via NXLOG,
it gves me this error. and i am using Port TCP port 3515.
No connection could be made because the target machine actively refused it
**
**
tcp {
type => "eventlog"
port => 3515
codec => "line"
}
and NXLOG Config File
Module om_tcp
Host 10.30.0.175
Port 3515
Looks Like this.
thanks
Hi there!!
now all is working! i can see the windows log within Kibana Interface.
But its sending all the Logs! I just need to filter some useful info.
SOLUTION
what i did!!
NXLOG Set UP
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
<Route 1>
Path internal, eventlog => out
**LOGstash Config File
**
tcp {
codec => json_lines { charset => CP1252 }
port => "3515"
tags => [ "tcpjson" ]
}
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.