Como instalar a configurar o Nxlog para enviar Log para Graylog

Como instalar a configurar o Nxlog para enviar Log para Graylog

Arquivo de configurção para enviar arquvios deletados do servidor windows para o GrayLog

Acesse https://nxlog.co/downloads/nxlog-ce#nxlog-community-edition para baixar a aplicação para Windows

Instale o Nxlog em C:\nxlog

Edite o arquivo c:\nxlog\conf\nxlog.conf

 

Copie e cole essa diretiva.

Maiores inforamções em:

https://docs.nxlog.co/userguide/integrate/windows-eventlog.html

 

Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf\nxlog.d
define LOGDIR   %ROOT%\data

include %CONFDIR%\\*.conf
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension _charconv>
    Module      xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension _exec>
    Module      xm_exec
</Extension>

<Extension _fileop>
    Module      xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
        Every   1 hour
        Exec    if (file_exists('%LOGFILE%') and \
                   (file_size('%LOGFILE%') >= 5M)) \
                    file_cycle('%LOGFILE%', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        When    @weekly
        Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
</Extension>

<Extension _gelf>
    Module      xm_gelf
</Extension>

# <Input in>
    # Module      im_msvistalog
# </Input>

<Input security_events>
    Module    im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">
                *[System[(Level=0) and (EventID=5145)]]
                and
                *[EventData[Data[@Name='AccessMask']and(Data='0x110080')]]
                </Select>
            </Query>
         </QueryList>
    </QueryXML>
</Input>

<Output out>
    Module          om_udp
    Host            log.cuidadodigital.com.br
    Port            12201
    Exec            to_syslog_snare();
    OutputType      GELF_UDP
</Output>

<Route 1>
    # Path        in => security_events => out
    Path        security_events => out
</Route>

 

Sobre o Autor

Diego Elcain administrator