已经完成的工作
1、服务器端graylog的web已经可以访问了
2、客户端graylog-collector-sidecar也安装配置完了,启动正常
3、修改了配置文件/etc/graylog/collector-sidecar/collector_sidecar.yml 如下:
server_url: http://192.168.1.7:12900 #graylog端的IP
node_id: graylog-collector-sidecar
collector_id: file:/etc/graylog/collector-sidecar/collector-id
tags:
- linux
- apache
- redis
update_interval: 10
log_path: /var/log/graylog/collector-sidecar
backends:
- name: nxlog
enabled: true
binary_path: /usr/bin/nxlog
configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
4、nxlog安装好了,修改配置文件/etc/nxlog/nxlog.conf 如下,启动失败
########################################
# Modules #
########################################
#<Extension _syslog>
# Module xm_syslog
#</Extension>
<Input in1>
Module im_file
File "/var/tmp/opencanary.log" #实际想要收集的log文件
SavePos TRUE
</Input>
#<Input in2>
# Module im_tcp
# Port 514
#</Input>
<Output fileout1>
Module om_udp
Host 192.168.1.7
Port 12201 #与graylog的input端口对应
</Output>
#<Output fileout2>
# Module om_file
# File "/var/log/nxlog/logmsg2.txt"
#</Output>
########################################
# Routes #
########################################
<Route 1>
Path in1 => fileout1
</Route>
#<Route tcproute>
# Path in2 => fileout2
#</Route>
5、运行systemctl start nxlog.service报错,
问题:
怎么才能让graylog收集到日志,请教各位大佬。