I am using nxlog to send logs to my Graylog server, and I am not sure whether my nxlog.conf is correct. I want to send my downloaded Android log to Graylog. I am able to get my Windows logs into my Graylog server; however, I am unable to see any of my Android log in Graylog. Could anyone help me check whether I did it correctly?
#NoFreeOnExit TRUE
# Installation root; the directory defines below are all derived from it.
define ROOT C:\Program Files\nxlog
# NOTE(review): CERTDIR is defined, but no block in this file references it,
# so nothing here is sent over TLS.
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf\nxlog.d
define LOGDIR %ROOT%\data
# Every *.conf file found in CONFDIR becomes part of this configuration.
# Write access to that directory should be limited to administrators,
# because xm_exec is loaded in this file.
include %CONFDIR%\\*.conf
define LOGFILE %LOGDIR%\nxlog.log
# Define the log file at the root level
# NXLog's own diagnostics go to this file; check it first when an input or
# output does not start.
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
# Syslog helper functions. Nothing in this file calls them; an included
# nxlog.d\*.conf file may.
<Extension _syslog>
    Module  xm_syslog
</Extension>
# Character-set conversion support, with the list of encodings to try when
# auto-detecting.
<Extension _charconv>
    Module              xm_charconv
    AutodetectCharsets  iso8859-2, utf-8, utf-16, utf-32
</Extension>
# xm_exec lets configuration statements run external programs.
# NOTE(review): nothing in this file uses it. If no included file needs it
# either, removing the block reduces what a modified config could do.
<Extension _exec>
    Module  xm_exec
</Extension>
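# File operations, used here only to rotate NXLog's own log file (%LOGFILE%).
<Extension _fileop>
    Module  xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB.
    # file_cycle() is called with 8 as the number of rotated copies.
    <Schedule>
        Every   1 hour
        Exec    if (file_exists('%LOGFILE%') and \
                    (file_size('%LOGFILE%') >= 5M)) file_cycle('%LOGFILE%', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        # The posted text read "u/weekly", which is not a valid schedule;
        # the crontab-style shortcut is @weekly.
        When    @weekly
        Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
</Extension>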
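# xm_gelf provides the GELF output types used by the <Output> blocks below.
# The opening tag was misspelled ("Extnsion") and did not match the closing
# tag, so the block could not be parsed as an Extension.
<Extension _gelf>
    Module  xm_gelf
</Extension>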
# Windows Event Log inputs (one per channel).
# Security channel: the "*" selector forwards every event in it.
<Input In_Security>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0" Path="Security">
                <Select Path="Security">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>
# System channel: every event is selected.
<Input In_System>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="1" Path="System">
                <Select Path="System">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>
# Setup channel: every event is selected.
<Input In_Setup>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="2" Path="Setup">
                <Select Path="Setup">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>
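# Reads a previously downloaded Android log from disk, one record per line.
<Input In_Android_Log>
    Module          im_file
    # Single quotes keep the backslashes literal; inside double quotes a
    # backslash starts an escape sequence.
    # NOTE(review): the folder is spelled "Andriod Log" - confirm that this
    # matches the directory name on disk exactly.
    File            'E:\Andriod Log\phone1.txt'
    SavePos         TRUE
    # im_file starts at the END of an existing file by default, so the
    # existing content of a static, already-downloaded log is never sent.
    # Read from the beginning instead. A position saved by an earlier run is
    # presumably still honoured; if so, clear the cached position once -
    # TODO confirm.
    ReadFromLast    FALSE
</Input>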
# Outputs: events are encoded as GELF and sent to the Graylog host.
# NOTE(review): GELF over UDP is unencrypted and unauthenticated, and
# datagrams can be lost silently. Security-channel events cross the network
# in clear text here; om_ssl with a TLS-enabled Graylog input is the usual
# alternative when that matters.
<Output graylog_security>
    Module      om_udp
    Host        192.168.1.xxx
    Port        12201
    OutputType  GELF
</Output>
# System-channel events: GELF over UDP to port 12201.
<Output graylog_System>
    Module      om_udp
    Host        192.168.1.xxx
    Port        12201
    OutputType  GELF
</Output>
# Setup-channel events: GELF over UDP to port 12201.
<Output graylog_Setup>
    Module      om_udp
    Host        192.168.1.xxx
    Port        12201
    OutputType  GELF
</Output>
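# Android log lines: GELF over TCP.
# Graylog must have a GELF TCP input listening on this port; a GELF UDP
# input on 12201 does not accept TCP connections, so the messages never
# arrive even though the route is valid.
# NOTE(review): this stream is also unencrypted; see om_ssl if the device
# logs contain sensitive data.
<Output graylog_android>
    Module      om_tcp
    Host        192.168.1.xxx
    Port        12201
    # om_tcp needs the TCP framing; plain "GELF" is the UDP variant.
    OutputType  GELF_TCP
</Output>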
# Routes: each input is wired to its own output.
<Route 1>
    Path    In_Security => graylog_security
</Route>
# System channel -> UDP GELF output.
<Route 2>
    Path    In_System => graylog_System
</Route>
# Setup channel -> UDP GELF output.
<Route 3>
    Path    In_Setup => graylog_Setup
</Route>
# Android log file -> TCP output.
<Route 4>
    Path    In_Android_Log => graylog_android
</Route>