One of the default, out of box log collectors available in a fresh, clean install of Graylog (testing with 5.0.5) is nxlog (windows).
This collector defines an executable path of C:\Program Files (x86)\nxlog\nxlog.exe. However, when downloading/installing NXLog, the default is the native x64 install, which uses path C:\Program Files\nxlog\nxlog.exe.
It also appears, and testing verifies this, that C:\Program Files\nxlog\nxlog.exe is not a default defined entry for collector_binaries_accesslist.
This will cause friction and frustration when attempting to use NXLog on Windows with Graylog.
Expected Behavior
Default, out of box collector for nxlog (windows) works with the default install path on x64 Windows OS without any further configuration.
Current Behavior
A lot of extra work is needed (creating a custom collector, updating the sidecar.yml config) to get nxlog x64 working with Graylog.
Possible Solution
Change the default 'Executable Path' for nxlog (windows) to use C:\Program Files\nxlog\nxlog.exe, or add another nxlog (windows) collector for x64 endpoint use.
Add C:\Program Files\nxlog\nxlog.exe to the default collector_binaries_accesslist.
Context
This makes using nxlog considerably more difficult than it should be and forces the Graylog admin to know the above info (which to be honest isn't very well documented). Fixing this will greatly simplify the use of nxlog as a collector.
Your Environment
Graylog Version: 5.0.5
Java Version: Bundled JDK
Elasticsearch (OpenSearch) Version: 2.6.0
MongoDB Version: 6.0.5
Operating System: Ubuntu Server 22.04 LTS
Browser version: Chrome Version 111.0.5563.146 (Official Build) (arm64)
Please let me know if there are any questions. Happy to discuss further.
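A check that can be run on an x64 endpoint to confirm the mismatch described in this report: which nxlog.exe is installed, and whether that path appears in the Sidecar's collector_binaries_accesslist. This is an added example, not part of the original report or Graylog's own tooling; the sidecar.yml location is assumed to be the Windows Sidecar default install directory, and `Get-AccessList` is a hypothetical helper that reads only the block-list form of the key.

```powershell
# Added example. Assumption: sidecar.yml sits in the Windows Sidecar default install directory.
param([string]$SidecarConfig = 'C:\Program Files\Graylog\sidecar\sidecar.yml')

# The two nxlog locations named in the report.
$candidates = @(
    'C:\Program Files\nxlog\nxlog.exe',       # native x64 install
    'C:\Program Files (x86)\nxlog\nxlog.exe'  # path used by the default nxlog (windows) collector
)

# Hypothetical helper: minimal reader for the block-list form of the key.
# Not a general YAML parser; inline [a, b] lists and trailing comments are not handled.
function Get-AccessList {
    param([string]$Path)
    $entries = @()
    $inList = $false
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*collector_binaries_accesslist\s*:') { $inList = $true; continue }
        if (-not $inList -or $line -match '^\s*(#.*)?$') { continue }   # skip blanks and comments
        if ($line -match '^\s*-\s*(.+?)\s*$') {
            $value = $Matches[1]
            if ($value -match '^"(.*)"$') {
                $value = $Matches[1] -replace '\\\\', '\'   # undo YAML double-quote escaping
            } elseif ($value -match "^'(.*)'$") {
                $value = $Matches[1]
            }
            $entries += $value
        } else { break }                                    # next key reached: list is over
    }
    return $entries
}

if (-not (Test-Path -LiteralPath $SidecarConfig)) { throw "sidecar.yml not found: $SidecarConfig" }
$keyPattern = '^\s*collector_binaries_accesslist\s*:'
if (-not (Select-String -LiteralPath $SidecarConfig -Pattern $keyPattern -Quiet)) {
    Write-Warning "Key not set in $SidecarConfig; this check cannot tell which list is in effect."
    return
}

$allowed = @(Get-AccessList -Path $SidecarConfig)
foreach ($exe in $candidates) {
    $installed = Test-Path -LiteralPath $exe
    $listed = $allowed -contains $exe   # exact, case-insensitive match; wildcard entries not evaluated
    [pscustomobject]@{ Binary = $exe; Installed = $installed; InAccessList = $listed }
    if ($installed -and -not $listed) {
        Write-Warning "$exe is installed but not in collector_binaries_accesslist"
    }
}
```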