NXLog TLS Configuration

Loggly provides the infrastructure to aggregate and normalize log events so they are available to explore interactively, build visualizations, or create threshold-based alerting. In general, any method to send logs from a system or application to an external source can be adapted to send logs to Loggly. The following instructions provide one scenario for sending logs to Loggly.

You can securely send your logs to Loggly using TLS encryption. This guide shows you how to set it up for nxlog and is tested on Windows Server 2012.

NXLog TLS Configuration Setup

1. Install necessary security Certificates

Download the certificate file https://logdog.loggly.com/media/logs-01.loggly.com_sha12.crt

Then place it in your NXLog installation directory, such as C:\Program Files\*\nxlog\cert.

copy logs-01.loggly.com_sha12.crt "C:/Program Files/nxlog/cert"

2. Update the NXLog Configuration file

Open your configuration file (nxlog.conf) and update the output module by replacing the configuration given below.

<Output out>
  Module om_ssl
  Host logs-01.loggly.com
  Port 6514
  CAFile %CERTDIR%/logs-01.loggly.com_sha12.crt
  AllowUntrusted FALSE
  Exec $raw_event =~ s/\[NXLOG@14506[^\]]*\] /[CUSTOMER_TOKEN@41058 tag="windows"] /;
</Output>
 

Replace:

• TOKEN: your customer token from the source setup page

Restart NXLog after saving changes and send some Windows logs.

3. Verify Events

Search Loggly for events with the tag as windows over the past hour. It may take few minutes to index the event. If if doesn’t work, see the troubleshooting section below.

tag:windows 

4. Next Steps

• Troubleshooting with Windows Logs – Use your logs to troubleshoot failed login attempts, application crashes, service failures, and more.
• IIS Logs
• SQL Server Error Logs
• Windows File Monitoring

Advanced NXLog TLS Configuration Options

• NXLog Manual Configuration

Troubleshooting Your NXLog TLS Configuration

• Wait a few minutes in case indexing needs to catch up
• Make sure you restarted the nxlog service
• Check if the certificate is properly installed in the cert directory of NXLog
• Make sure port 6514 outbound is open on your firewall and network settings
• Check our guide on Troubleshooting Nxlog
• Search or post your own NXLog TLS configuration question in the community forum.

The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.