logstash windows nxlog config example

Logstash can gather logs from different operating systems, so I installed nxlog on each Windows machine in my infrastructure. Now I can view all the logs in one place in my Kibana interface:

nxlog windows example

logstash.conf

# Inputs: one listener for syslog senders and one for the Windows/nxlog agents.
# Neither listener authenticates senders or encrypts traffic as configured, so
# restrict both ports to known log sources with a host or network firewall.
input {
  # Syslog listener on the unprivileged port 5514; events get type LinuxLog.
  syslog {
    type => LinuxLog
    port => 5514
  }

  # Plain UDP listener for the JSON events that nxlog's om_udp output sends to
  # port 5140. UDP is unauthenticated, unencrypted and lossy: any host that can
  # reach this port can submit forged events, and Windows event data crosses the
  # network in cleartext. Where that matters, use a TLS-protected TCP input here
  # and nxlog's om_ssl output on the agents instead.
  udp {
    type => "WindowsLog"   
    codec => json 
    port => 5140
  }

}

# Outputs: every event is sent to Elasticsearch on localhost and also echoed to
# Logstash's stdout.
output {
  # NOTE(review): `host` looks like the option name from older elasticsearch
  # output plugin releases (newer ones use `hosts`) - confirm against the
  # installed version.
  elasticsearch { host => localhost }
  # Debug output: prints each full event. Event-log contents then also land
  # wherever Logstash's stdout is captured, so drop this once the pipeline works
  # or make sure that destination is access-controlled.
  stdout { codec => rubydebug }
}


nxlog.conf

## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.


# ROOT must point at the nxlog install directory. The commented-out line is the
# "Program Files" variant; the active one is the "Program Files (x86)" variant.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

# All runtime paths below are derived from ROOT. The data directory holds the
# cache, spool, pid file and nxlog's own log; keep it writable only by the
# service account and administrators.
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

# Loads xm_charconv, needed for the convert_fields() call in the input section.
# AutodetectCharsets lists the charsets tried when the source charset is "AUTO".
<Extension charconv>
    Module      xm_charconv
    AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2
</Extension>

# Loads xm_json, needed for the to_json() call in the input section.
<Extension json>
    Module	xm_json
</Extension>

# Reads Windows Event Log records with im_msvistalog, converts their fields to
# UTF-8, then serialises each record as JSON for the Logstash json codec.
# NOTE(review): no Query or Channel is set here, so this presumably collects
# every available channel, Security log included - confirm, and narrow the
# selection if not all of it should leave the host.
<Input in>
    Module      im_msvistalog
    Exec	convert_fields("AUTO", "utf-8");
# For windows 2003 and earlier use the following:
#   Module      im_mseventlog
    Exec        to_json();
</Input>

# Sends each JSON event over UDP to port 5140 on the Logstash host.
# UDP gives no delivery guarantee, no sender authentication and no encryption,
# and an event larger than a datagram may be truncated or dropped, which shows
# up on the Logstash side as missing events or JSON parse failures.
# Host is a DNS name, so delivery also depends on name resolution being
# trustworthy. For event logs that carry sensitive data, prefer nxlog's om_ssl
# output with a matching TLS listener on the Logstash side.
<Output out>
    Module      om_udp
    Host        log.alexlinux.com
    Port        5140
</Output>

# Connects the event-log input "in" to the UDP output "out".
<Route 1>
    Path        in => out
</Route>
