NxFilter Tutorial
Tutorial Index

Graylog to separate logging
You can build a separated logging/report  server using Graylog.

Content pack for NxFilter
When you have more than several thousand users, you might need to separate NxFilter's logging and reporting as it causes heavy load on your system. There are many specialized tools for logging/reporting  and we will show you how to use one of them that is Graylog with NxFilter.

1. Download a content pack for Graylog from the link below.
    - Example content pack for Graylog v3 by JSON format
    - Example content pack for Graylog v3 by pipe separated string
    - Example content pack for Graylog v2 by pipe separated string

2. On Graylog GUI, import the content pack inside the zip file.
    - System > Content Packs > Import content pack

3. After import it, you will see 'NxFilter' content pack appeared.
    - Click 'NxFilter', select 'nxfilter-graylog-example' and apply it.

4. We use UDP/1514 port for Graylog input.

5. On NxFilter GUI, Go to 'Config > Setup > Syslog', change  'Syslog Port'  to 1514.
    - And change  'Syslog Host'  as well.

6. Restart NxFilter and you will see your dashboard getting populated.
    - Select 'NxFilter 2 hours' dashboard on Graylog GUI.

After you build your own logging/reporting  on Graylog, you can bypass logging on NxFilter traffic DB completely. To bypass it, set 'Log Retention Days'  on 'Config > Setup'  to 0.