Step 1 – Install nxlog
http://sourceforge.net/projects/nxlog-ce/
Step 2 – Configuration
Replace your C:\Program Files*\nxlog\conf\nxlog.conf with the following configuration sample. Include your Loggly Customer Token where specified. Make sure that you run the text editor as Administrator (use Notepad rather than WordPad):
Step 3 – Start nxlog
Double-click C:\Program Files*\nxlog\nxlog.exe to start the service.
If nxlog is already running, make sure to restart nxlog in order for any new configuration changes to take effect:
Start the Service Manager, find 'nxlog' in the list. Select it and restart the service.
Optional: Using TLS
If you want to send logs securely over TLS, it's pretty easy to set up. Download these two certificates:
Concatenate them into one file called loggly_full.crt:
cmd /c copy /b loggly.com.crt+sf_bundle.crt loggly_full.crt
Place it into your C:\Program Files*\nxlog\cert directory.
Make the following changes to your nxlog configuration:
<Output out>
    Module om_tcp
    Host logs-01.loggly.com
    Port 514
    Exec to_syslog_ietf();\
    $raw_event = replace($raw_event, 'NXLOG@14506', '<CUST_TOKEN>@41058 tag="windows"] [', 1);
</Output>
TO:
<Output out>
    Module om_ssl
    Host logs-01.loggly.com
    Port 6514
    CAFile %CERTDIR%/loggly_full.crt
    AllowUntrusted FALSE
    Exec to_syslog_ietf();\
    $raw_event = replace($raw_event, 'NXLOG@14506', '<CUST_TOKEN>@41058 tag="windows"] [', 1);
</Output>
Troubleshooting
If your logs haven’t made it to Loggly yet, open up the nxlog log file and see what’s going on: C:\Program Files*\nxlog\data\nxlog.log
To see what’s actually sent to Loggly, edit your nxlog configuration file. Add this section with the other Extensions:
<Extension fileop>
    Module xm_fileop
</Extension>
This line should go into the Output module that you’re debugging:
Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", $raw_event);
“Connection attempt failed”
Sample messages:
2013-06-04 16:35:59 ERROR couldn't connect to tcp socket on 192.168.1.1:514; A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
2013-06-04 16:36:00 INFO connecting to 192.168.1.1:514
2013-06-04 16:36:21 INFO reconnecting in 2 seconds
If you see an error connecting to “tcp socket on 192.168.1.1:514”, you’ve probably got an issue with the configuration file. Make sure that you’re editing the configuration file as “Administrator”; that is, open the text editor itself as Administrator.
“Failed to open”
2013-06-04 20:46:48 WARNING nxlog-ce received a termination request signal, exiting...
2013-06-04 20:57:10 ERROR failed to open C:\Program Files (x86);xlog\data;xlog.log; The filename, directory name, or volume label syntax is incorrect.
2013-06-04 20:57:10 INFO nxlog-ce-2.4.1054 started
When you designate a directory path, be sure to escape any special characters, including backslashes.
File "C:\\Program Files (x86)\nxlog\data\nxlog.log"
To:
File "C:\\Program Files (x86)\\nxlog\\data\\nxlog.log"
NOTE: you can also try escaping only the \n, which gets confused with newline characters.
C:\Program Files (x86)\\nxlog\data\\nxlog.log'
2013-06-04 21:36:28 ERROR file is already defined at C:\Program Files (x86)\nxlog\conf\nxlog.conf:34
2013-06-04 21:36:28 ERROR module 'file_watch' has configuration errors, not adding to route '1' at C:\Program Files (x86)\nxlog\conf\nxlog.conf:58
2013-06-04 21:36:28 WARNING not starting unused module file_watch
Each input module can only reference one source. Create unique names for each of the input streams. E.g.
<Input python_logs>
    Module im_file
    File "C:\\Your Project\\Python\\mylog.log"
    SavePos TRUE
</Input>
<Input apache_logs>
    Module im_file
    File "C:\\Program Files (x86)\\Apache Group\\Apache2\\logs\\error.log"
    SavePos TRUE
</Input>
Double-check that your Route module has the complete list of Input modules. E.g.
<Route 1>
    Path internal, python_logs, apache_logs, eventlog => out
</Route>
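The configuration mistakes covered in the troubleshooting notes above, together with the TLS output settings, can be checked before restarting the service. The following linter is an added example, not part of nxlog or Loggly tooling; the names lint_nxlog_conf, directives and SAMPLE are hypothetical and the sample configuration is constructed for illustration.

```python
import re

# Constructed sample config (not from the page) containing the mistakes described above.
SAMPLE = r'''
<Input app_logs>
    Module im_file
    File "C:\\Your Project\\Python\\mylog.log"
    File "C:\\Program Files (x86)\nxlog\data\other.log"
</Input>
<Input apache_logs>
    Module im_file
    File "C:\\logs\\error.log"
</Input>
<Output out>
    Module om_tcp
</Output>
<Route 1>
    Path internal, app_logs => out
</Route>
'''
BLOCK_RE = re.compile(r"<(Input|Output|Route)\s+(\S+)>(.*?)</\1>", re.S | re.I)
LONE_BACKSLASH = re.compile(r"(?<!\\)\\(?!\\)")  # a backslash with no partner

def directives(body, name):  # values of every `name` directive in one block body
    return re.findall(rf"^\s*{name}\s+(.+?)\s*$", body, re.M | re.I)

def lint_nxlog_conf(text):
    findings, inputs, routed = [], set(), set()
    for kind, name, body in BLOCK_RE.findall(text):
        kind, files = kind.capitalize(), directives(body, "File")
        if kind == "Input":
            inputs.add(name)
            if len(files) > 1:  # produces "file is already defined"
                findings.append(f"Input {name}: {len(files)} File directives, one allowed")
        for f in files:  # "\n" inside a double-quoted path is read as a newline
            if f.startswith('"') and LONE_BACKSLASH.search(f):
                findings.append(f"{kind} {name}: unescaped backslash in {f}")
        if kind == "Output":
            module = (directives(body, "Module") or [""])[0].lower()
            untrusted = (directives(body, "AllowUntrusted") or [""])[0].upper()
            if module != "om_ssl":
                findings.append(f"Output {name}: Module {module} sends logs without TLS")
            elif untrusted != "FALSE" or not directives(body, "CAFile"):
                findings.append(f"Output {name}: set CAFile and AllowUntrusted FALSE")
        if kind == "Route":  # collect every input named to the left of "=>"
            for path in directives(body, "Path"):
                routed.update(p.strip() for p in path.split("=>")[0].split(","))
    findings += [f"Input {n}: not in any Route Path" for n in sorted(inputs - routed)]
    return findings
```

Call lint_nxlog_conf() on the contents of nxlog.conf; an empty list means none of these four problems was found.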