NXLog TCP Module Not Working

Question

I am trying to use NXLog to forward logs from a file on one computer to a file on another computer. I am new to NXLog but feel like I now have a good handle on it after consulting the documentation. Below is my configuration file for first the "from" computer and then the "to" computer. However, it does not seem to work.

I think the problems lies in one or more of the following:

1. NXLog config file
2. AWS Windows ec2 box ip/port setup
3. Network setup

Here what I have done:

"From" computer NXLog config file:

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input file>
    Module      im_file
    File        "C:\Logs\AllLogItems.txt"
    InputType   LineBased
</Input>

<Output tcp>
    Module      om_tcp
    Host        52.91.47.52
    Port        3389
    OutputType  LineBased
</Output>

<Route 1>
    Path        file => tcp
</Route>

"To" computer NXLog config file:

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    Module       xm_syslog
</Extension>

<Input in>
    Module       im_tcp
    InputType    LineBased
</Input>

<Output out>
    Module       om_file
    File         "C:\Users\Administrator\logs\\nxlog_test.txt"
    CreateDir    FALSE
    Truncate     FALSE
    OutputType   LineBased
</Output>

<Route 1>
    Path        in => out
</Route>

For the "to" computer, according to the documentation, if no Host is specified, localhost is the default.

When I start the NXLog service on the "from" computer this is what the log looks like:

2016-01-21 19:37:05 INFO nxlog-ce-2.9.1504 started
2016-01-21 19:37:05 INFO connecting to 52.91.47.52:3389

And then when I run my application which will write logs(which will then cause nxlog to react), the nxlog log looks like this:

2016-01-21 19:37:05 INFO nxlog-ce-2.9.1504 started
2016-01-21 19:37:05 INFO connecting to 52.91.47.52:3389
2016-01-21 19:40:25 INFO reconnecting in 1 seconds
2016-01-21 19:40:26 INFO connecting to 52.91.47.52:3389

When I start NXLog on the "to" computer, every seems to be fine as the nxlog log file looks like this:

2016-01-22 01:05:04 INFO nxlog-ce-2.9.1504 started

Now, the "to" computer is a AWS ec2 Windows box. The port I'm using in the nxlog (3389) is the RDP port assigned to the instance:

My thought was that even though the nxlog log didn't show an error, that this port was causing issues as is may be in use. Hence, I tried to open some more tcp ports (5000-5010) as shown in the picture. However, when I try any of these ports (5000-5010) in the nxlog config file, I get this error:

2016-01-21 19:50:32 INFO nxlog-ce-2.9.1504 started
2016-01-21 19:50:32 INFO connecting to 52.91.47.52:5005
2016-01-21 19:50:53 INFO reconnecting in 1 seconds
2016-01-21 19:50:53 ERROR couldn't connect to tcp socket on 52.91.47.52:5005; A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

I kind of expected this as when I go to a site like yougetsignal.com, it still says that ports 5000-5010 are closed. So it might be a problem with this.

I've tried to debug this for days and have ran out of options. Thanks for your help.

Answer 1

Decided this was a question more appropriate on ServerFault and so I posted it there are received a working answer. It can be found here