NxFilter Tutorial

Graylog to separate logging
You can build a separate logging/reporting server using Graylog.


Content pack for NxFilter
When you have more than several thousand users, you might need a separate logging/reporting server, because logging can put a heavy load on NxFilter. There are many specialized tools for logging and reporting; this tutorial covers how to use one of them, Graylog, with NxFilter.

1. Download a content pack for Graylog from one of the links below.
    - Example content pack for Graylog v3 in JSON format
    - Example content pack for Graylog v3 using pipe-separated strings
    - Example content pack for Graylog v2 using pipe-separated strings

2. On Graylog GUI, import the content pack inside the zip file.
    - System > Content Packs > Import content pack

3. After importing it, you will see the 'NxFilter' content pack appear.
    - Click 'NxFilter', select 'nxfilter-graylog-example' and apply it.

4. The Graylog input uses UDP port 1514.

5. On the NxFilter GUI, go to 'Config > Setup > Syslog' and change 'Syslog Port' to 1514.
    - Change 'Syslog Host' as well.

6. Restart NxFilter and you will see your dashboard getting populated.
    - Select 'NxFilter 2 hours' dashboard on Graylog GUI.
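
To check that the UDP/1514 input from step 4 is reachable from the NxFilter host before restarting in step 6, you can send it a test datagram. This is an added example, not part of the NxFilter or Graylog distribution; the RFC 3164-style framing, the host name `nxfilter-test`, the tag `nxfilter` and the message text are assumptions, and the payload is not a real NxFilter log record.

```python
import datetime
import socket
import sys

GRAYLOG_PORT = 1514  # UDP input port from step 4


def build_syslog_line(message, facility=1, severity=6,
                      host="nxfilter-test", tag="nxfilter"):
    """Build an RFC 3164-style line: <PRI>TIMESTAMP HOST TAG: MESSAGE."""
    pri = facility * 8 + severity          # user.info -> 14
    now = datetime.datetime.now()
    # RFC 3164 pads the day of month with a space, not a zero.
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} {tag}: {message}"


def send_test_message(host, port=GRAYLOG_PORT,
                      message="NxFilter to Graylog connectivity test"):
    """Send one datagram and return the number of bytes handed to the OS.

    UDP is connectionless: a successful send does not prove that Graylog
    received it, so confirm the message in the Graylog search view.
    """
    payload = build_syslog_line(message).encode("utf-8")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        return tx.sendto(payload, (host, port))


def loopback_check(message):
    """Send to a local listener on an ephemeral port and return what arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2.0)
        port = rx.getsockname()[1]
        send_test_message("127.0.0.1", port, message)
        data, _ = rx.recvfrom(4096)
    return data.decode("utf-8")


if __name__ == "__main__":
    # Usage: python send_test.py <graylog-host>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    sent = send_test_message(target)
    print(f"sent {sent} bytes to {target}:{GRAYLOG_PORT}/udp")
```

If the test message does not show up in Graylog, check that the input is running and that no firewall between the two hosts drops UDP/1514.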

After you build your own logging/reporting on Graylog, you can bypass logging to the NxFilter traffic DB completely. To bypass it, set 'Log Retention Days' on 'Config > Setup' to 0.