Writing Windows Event Logs from Separate Servers to Multiple Files


#1 mc63

Hello,

I am trying to set up NXLog so that multiple Windows Servers will send their Event logs to a central server, and that server will output them into basic text files. The logs are delivered to the central server just fine, but instead of going to separate routes as I have configured, all logs appear to be delivered to the same route, which happens to be the first one listed. Any help would be greatly appreciated.


## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

########## BEGIN EXTENSIONS ##########

<Extension syslog>
    Module  xm_syslog
</Extension>

########## END EXTENSIONS ##########

########## BEGIN INPUTS ##########

<Input in_xxx>
    Module      im_tcp
    Host 0.0.0.0
    Port 514
</Input>

<Input in_yyy>
    Module      im_tcp
    Host 0.0.0.0
    Port 514
</Input>

<Input in_zzz>
    Module      im_tcp
    Host 0.0.0.0
    Port 514
</Input>

########## END INPUTS ##########

########## BEGIN OUTPUTS ##########

<Output out_xxx>
    Module      om_file
    File "C:\\Logs\\xxx_NXLog.txt"
    CreateDir FALSE
    Truncate FALSE
    OutputType LineBased
</Output>

<Output out_yyy>
    Module      om_file
    File "C:\\Logs\\yyy_NXLog.txt"
    CreateDir FALSE
    Truncate FALSE
    OutputType LineBased
</Output>

<Output out_zzz>
    Module      om_file
    File "C:\\Logs\\zzz_NXLog.txt"
    CreateDir FALSE
    Truncate FALSE
    OutputType LineBased
</Output>

########## END OUTPUTS ##########

########## BEGIN ROUTES ##########

<Route 1>
    Path        in_xxx => out_xxx
</Route>

<Route 2>
    Path        in_yyy => out_yyy
</Route>

<Route 3>
    Path        in_zzz => out_zzz
</Route>

########## END ROUTES ##########


Thank you.

#2 b0ti Nxlog ✓

All your tcp inputs are listening on port 514.
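
One way to apply the answer above, as an added example that is not part of the original thread or b0ti's reply: give each `im_tcp` input its own port so that each sender group reaches its own route. Ports 1514 to 1516 are constructed values; the block names and file paths are the ones from the question.

```conf
## Added example: ports 1514-1516 are constructed values, not from the thread.
## Each listener needs its own Host:Port pair; point each sender at its port.
## Global directives and the Extension block stay as posted in the question.

<Input in_xxx>
    Module  im_tcp
    Host    0.0.0.0
    Port    1514
</Input>

<Input in_yyy>
    Module  im_tcp
    Host    0.0.0.0
    Port    1515
</Input>

<Input in_zzz>
    Module  im_tcp
    Host    0.0.0.0
    Port    1516
</Input>

<Output out_xxx>
    Module  om_file
    File    "C:\\Logs\\xxx_NXLog.txt"
</Output>

<Output out_yyy>
    Module  om_file
    File    "C:\\Logs\\yyy_NXLog.txt"
</Output>

<Output out_zzz>
    Module  om_file
    File    "C:\\Logs\\zzz_NXLog.txt"
</Output>

<Route 1>
    Path    in_xxx => out_xxx
</Route>

<Route 2>
    Path    in_yyy => out_yyy
</Route>

<Route 3>
    Path    in_zzz => out_zzz
</Route>
```

Each sending server's output must be changed to the port of the route it belongs to, and the central server's firewall needs to allow those ports only from the expected senders.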