NxFilter Tutorial
  • US English
  • DE Deutsch
  • ES Español
  • FR Français
  • IT Italiano
  • JP 日本語
  • BR Português
  • RU Русский
  • TR Türkçe
Graylog to separate logging
You can create a separate logging/report server using Graylog.

Content pack for NxFilter
If you have several thousand users or more, you may need a separate logging/reporting server as it can place a heavy load on NxFilter. There are many specialized tools for logging/reporting, and we will discuss how to use one of them that is Graylog, with NxFilter.

1. Download a content pack for Graylog from the link below.
    - Example content pack for Graylog v3 by JSON format
    - Example content pack for Graylog v3 by pipe separated string
    - Example content pack for Graylog v2 by pipe separated string

2. On Graylog GUI, import the content pack inside the zip file.
    - System > Content Packs > Import content pack

3. After import it, you will see 'NxFilter' content pack appeared.
    - Click 'NxFilter', select 'nxfilter-graylog-example' and apply it.

4. We use UDP/1514 port for Graylog input.

5. On NxFilter GUI, Go to System > Setup > Syslog, change Syslog Port to 1514.
    - And change Syslog Host as well.

6. Restart NxFilter and you will see your dashboard getting populated.
    - Select 'NxFilter 2 hours' dashboard on Graylog GUI.

After creating your logging/reporting server with Graylog, you can completely bypass logging on the NxFilter traffic DB. To do this, set Log Retention Days on System > Setup  to 0.