Graylog to separate logging
You can build a separate logging/reporting server using Graylog.
Content pack for NxFilter
When you have more than several thousand users, you might need a separate logging/reporting server,
as logging and reporting can put a heavy load on NxFilter. There are many specialized tools for logging/reporting,
and here we explain how to use one of them, Graylog, with NxFilter.
1. Download a content pack for Graylog from the links below.
   - Example content pack for Graylog v3 by JSON format
   - Example content pack for Graylog v3 by pipe separated string
   - Example content pack for Graylog v2 by pipe separated string
2. On the Graylog GUI, import the content pack inside the zip file.
   - System > Content Packs > Import content pack
3. After importing it, you will see the 'NxFilter' content pack appear.
   - Click 'NxFilter', select 'nxfilter-graylog-example' and apply it.
4. We use port UDP/1514 for the Graylog input.
5. On the NxFilter GUI, go to 'System > Setup > Syslog' and change 'Syslog Port' to 1514.
   - Change 'Syslog Host' as well.
6. Restart NxFilter and you will see your dashboard getting populated.
   - Select the 'NxFilter 2 hours' dashboard on the Graylog GUI.
After you build your own logging/reporting on Graylog, you can bypass logging to the NxFilter traffic DB completely. To bypass it,
set 'Log Retention Days' on 'System > Setup' to 0.