Graylog to separate logging
You can build a separated logging/report server using Graylog.
Content pack for NxFilterWhen you have more than several thousand users, you might need to separate NxFilter's logging and reporting as it causes heavy load on your system. There are many specialized tools for logging/reporting and we will show you how to use one of them that is Graylog with NxFilter. 1. Download a content pack for Graylog from the link below.
- Example content pack for Graylog v3 by JSON format
- Example content pack for Graylog v3 by pipe separated string
- Example content pack for Graylog v2 by pipe separated string 2. On Graylog GUI, import the content pack inside the zip file.
- System > Content Packs > Import content pack 3. After import it, you will see 'NxFilter' content pack appeared.
- Click 'NxFilter', select 'nxfilter-graylog-example' and apply it. 4. We use UDP/1514 port for Graylog input. 5. On NxFilter GUI, Go to 'Config > Setup > Syslog', change 'Syslog Port' to 1514.
- And change 'Syslog Host' as well. 6. Restart NxFilter and you will see your dashboard getting populated.
- Select 'NxFilter 2 hours' dashboard on Graylog GUI.
After you build your own logging/reporting on Graylog, you can bypass logging on NxFilter traffic DB completely. To bypass it, set 'Log Retention Days' on 'Config > Setup' to 0.