I am trying to use NXLog to forward logs from a file on one computer to a file on another computer. I am new to NXLog but feel like I now have a good handle on it after consulting the documentation. Below is my configuration file for first the "from" computer and then the "to" computer. However, it does not seem to work.
I think the problems lies in one or more of the following:
NXLog config file
AWS Windows ec2 box ip/port setup
Network setup
Here what I have done:
"From" computer NXLog config file:
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _syslog>
Module xm_syslog
</Extension>
<Input file>
Module im_file
File "C:\Logs\AllLogItems.txt"
InputType LineBased
</Input>
<Output tcp>
Module om_tcp
Host 52.91.47.52
Port 3389
OutputType LineBased
</Output>
<Route 1>
Path file => tcp
</Route>
"To" computer NXLog config file:
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _syslog>
Module xm_syslog
</Extension>
<Input in>
Module im_tcp
InputType LineBased
</Input>
<Output out>
Module om_file
File "C:\Users\Administrator\logs\\nxlog_test.txt"
CreateDir FALSE
Truncate FALSE
OutputType LineBased
</Output>
<Route 1>
Path in => out
</Route>
For the "to" computer, according to the documentation, if no Host is specified, localhost is the default.
When I start the NXLog service on the "from" computer this is what the log looks like:
2016-01-21 19:37:05 INFO nxlog-ce-2.9.1504 started
2016-01-21 19:37:05 INFO connecting to 52.91.47.52:3389
And then when I run my application which will write logs(which will then cause nxlog to react), the nxlog log looks like this:
2016-01-21 19:37:05 INFO nxlog-ce-2.9.1504 started
2016-01-21 19:37:05 INFO connecting to 52.91.47.52:3389
2016-01-21 19:40:25 INFO reconnecting in 1 seconds
2016-01-21 19:40:26 INFO connecting to 52.91.47.52:3389
When I start NXLog on the "to" computer, every seems to be fine as the nxlog log file looks like this:
2016-01-22 01:05:04 INFO nxlog-ce-2.9.1504 started
Now, the "to" computer is a AWS ec2 Windows box. The port I'm using in the nxlog (3389) is the RDP port assigned to the instance:
My thought was that even though the nxlog log didn't show an error, that this port was causing issues as is may be in use. Hence, I tried to open some more tcp ports (5000-5010) as shown in the picture. However, when I try any of these ports (5000-5010) in the nxlog config file, I get this error:
2016-01-21 19:50:32 INFO nxlog-ce-2.9.1504 started
2016-01-21 19:50:32 INFO connecting to 52.91.47.52:5005
2016-01-21 19:50:53 INFO reconnecting in 1 seconds
2016-01-21 19:50:53 ERROR couldn't connect to tcp socket on 52.91.47.52:5005; A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
I kind of expected this as when I go to a site like yougetsignal.com, it still says that ports 5000-5010 are closed. So it might be a problem with this.
I've tried to debug this for days and have ran out of options. Thanks for your help.
Best Answer
Yes, but localhost (which is normally 127.0.0.1) is not accessible from the outside so you need to make it listen on an address that is accessible. Your im_tcp input instance needs this:
You should also specify the port there.