Not 100% on what you mean with REM statement? I presume you mean you add a hash/pound at the beginning of the line?
Also look in the nxlog log file for some tips on what the issue could be. Maybe paste your non-starting config as well, but, as was mentioned, this is not really the forum for NXLog questions, but sure we can try help On Tuesday, November 22, 2016 at 6:05:25 AM UTC+13, Ed Berlot wrote: > > After a bit of trial and and lots of reading, I managed to get Graylog > working like a charm > > > I'm using NXLOG to send the logs to Graylog via GELF UDP > > Using the appliance gives me limtied space and i will run out of space > eventually. > Right now I'm just testing and trying diffrent things. > > 4 serves sending the logs has consumed over 5gb of data over the last week > and I have well over 100 not to mention the CISCO/Juniper devices I have. > That said, this is my current config and it works like a charm > > > __________________________________________________________ > define ROOT C:\Program Files (x86)\nxlog > Moduledir %ROOT%\modules > CacheDir %ROOT%\data > Pidfile %ROOT%\data\nxlog.pid > SpoolDir %ROOT%\data > LogFile %ROOT%\data\nxlog.log > <Extension gelf> > Module xm_gelf > </Extension> > <Input in> > # Use ’im_mseventlog’ for Windows XP, 2000 and 2003 > Module im_msvistalog > # Uncomment the following to collect specific event logs only > Query <QueryList>\ > <Query Id="0">\ > <Select Path="System">*</Select>\ > <Select Path="Application">*</Select>\ > <Select Path="Security">*</Select>\ > </Query>\ > </QueryList> > </Input> > <Output out> > Module om_udp > Host 10.60.10.62 > Port 12201 > OutputType GELF > </Output> > <Route r> > Path in => out > </Route> > _______________________________________________________ > > Now I put a REM statement at the beginning of the file > > # Just capturing security logs > > The service won't start. > If I rem out Application and System path, it won't start. > > Any suggestions? > > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/37472b8f-30ad-4198-9ad5-c7de7272314d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
