Logstash (or Graylog?) vs nxlog to collect event logs and CSV logs [closed]

Logstash and Graylog are very similar pieces of software. They're both designed to take log data over the network and store it in ElasticSearch where it can be picked up by a web interface later. Graylog2 is designed to have sensible out-of-the-box defaults for most people, while Logstash is designed to be highly programmable, and the latest minor version (1.2) includes a reasonably featureful configuration language with full support for conditionals, like nxlog has on the client side.

In terms of web interfaces, Logstash generally uses Kibana, while Graylog2 ships with its own web interface. My recommendation is to try both out and see which you like more. Graylog2 needs less tinkering, but Kibana is absurdly more powerful in terms of what you can do with custom reporting dashboards.

The eventlog input is intended to be run locally from a Logstash agent installed on the Windows host that you want to collect logs on. Since the Logstash agent is written in Java, and the JVM can tie up a huge amount of memory, you probably don't want it hanging out unless you have a pile of memory floating around on your systems. nxlog is a lot leaner and does a great job pulling Windows Event Log data and forwarding it to Logstash using JSON or GELF. Its configuration syntax is also a lot more robust and full-featured than Logstash's, so you might find it easier to do complex things with your event logs before you forward them, like filtering out noisy logs before they ever get to the server.

Logstash has a CSV filter, so your best bet there is just to submit raw log data to the Logstash server over a TCP or UDP socket and let it figure the data out. nxlog might have functionality to do something similar, but I've never looked for it.
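A server-side Logstash pipeline for the setup this answer describes, as an added example that is not part of the original answer. It takes JSON events from nxlog on one TCP port and raw CSV lines on another, and uses a conditional so that only the CSV stream goes through the `csv` filter. The port numbers, the `type` values and the CSV column names are assumptions to be replaced with your own.

```logstash
input {
  # Windows Event Log records forwarded by nxlog as JSON, one object per line.
  # Port 5140 is an assumed value.
  tcp {
    port  => 5140
    type  => "eventlog"
    codec => json_lines
  }

  # Raw CSV lines sent unparsed by the hosts that produce them.
  # Port 5141 is an assumed value.
  tcp {
    port => 5141
    type => "csv"
  }
}

filter {
  # Only events that arrived on the CSV port are split into fields;
  # the JSON events from nxlog already carry structured fields.
  if [type] == "csv" {
    csv {
      separator => ","
      # Assumed column layout; list the columns in the order your files use.
      columns   => ["timestamp", "host", "user", "action", "result"]
    }
    # Use the time recorded in the log line rather than the arrival time,
    # so events sort correctly when reviewed later.
    date {
      match => ["timestamp", "ISO8601"]
    }
  }
}

output {
  # Prints parsed events so the field mapping can be checked first;
  # replace with the elasticsearch output for your Logstash version.
  stdout { codec => rubydebug }
}
```

Neither TCP input authenticates or encrypts senders as written, so restrict both ports to the hosts that are expected to forward logs.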