Create nxlog.conf

Window NXLOG configuration  for sending GELF format logs to Graylog 

File is located by default here:
C:\Program Files\nxlog\conf\nxlog.conf

nxlog.conf

@@ -0,0 +1,70 @@
+Panic Soft
+#NoFreeOnExit TRUE
+
+define ROOT     C:\Program Files\nxlog
+define CERTDIR  %ROOT%\cert
+define CONFDIR  %ROOT%\conf\nxlog.d
+define LOGDIR   %ROOT%\data
+
+include %CONFDIR%\\*.conf
+define LOGFILE  %LOGDIR%\nxlog.log
+LogFile %LOGFILE%
+
+Moduledir %ROOT%\modules
+CacheDir  %ROOT%\data
+Pidfile   %ROOT%\data\nxlog.pid
+SpoolDir  %ROOT%\data
+
+<Extension _syslog>
+    Module      xm_syslog
+</Extension>
+
+<Extension _charconv>
+    Module      xm_charconv
+    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
+</Extension>
+
+<Extension _exec>
+    Module      xm_exec
+</Extension>
+
+<Extension _fileop>
+    Module      xm_fileop
+
+    # Check the size of our log file hourly, rotate if larger than 5MB
+    <Schedule>
+        Every   1 hour
+        Exec    if (file_exists('%LOGFILE%') and \
+                   (file_size('%LOGFILE%') >= 5M)) \
+                    file_cycle('%LOGFILE%', 8);
+    </Schedule>
+
+    # Rotate our log file every week on Sunday at midnight
+    <Schedule>
+        When    @weekly
+        Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
+    </Schedule>
+</Extension>
+
+<Extension _gelf>
+    Module      xm_gelf
+</Extension>
+
+# Snare compatible example configuration
+# Collecting event log
+ <Input in>
+     Module      im_msvistalog
+ </Input>
+ 
+# Converting events to Snare format and sending them out over TCP syslog
+ <Output out>
+     Module      om_udp
+     Host        [Graylog.Server.IP.Address]
+     Port        12201
+     OutputType  GELF
+ </Output>
+# 
+# Connect input 'in' to output 'out'
+ <Route 1>
+     Path        in => out
+ </Route>