$raw_event from input im_file module not sent when output module uses om_tcp module with snare or bsd format


#1 emyatsuna

Hi,

I'm trying to send a raw event from our specific logfile to another server via TCP using NXLog CE. The receiving end requires snare or bsd format. I already used to_syslog_snare() and to_syslog_bsd() in the om_tcp module but it didn't work. I also tried to parse in the input module by adding an empty condition to check the raw event, but that didn't work either.

If I hardcode the raw event using Exec and then convert it to snare or bsd in the output module, I receive the hardcoded and formatted event on my server. Have I missed any configuration? Below is my sample config. Thanks a lot!

<Extension _syslog>
 Module      xm_syslog
</Extension>
    
<Input in>
 Module    im_file
 File      "C:/test.txt"
 ReadFromLast TRUE
 SavePos  TRUE
 
 # if empty line then do not send
 if $raw_event !~ /^.*$/
 {
  drop();
 }
 else
 {
  $raw_event = to_syslog_bsd();
  }
 
</Input>
    
<Output out>
 Module om_tcp
 Host   myserver
 Port   8888
 
 # to_syslog_snare(); # not receiving raw event in myserver
 # to_syslog_bsd(); # not receiving raw event in myserver
 # Exec $raw_event = "Hello there!"; to_syslog_bsd(); # this works; hardcoded one and formatted to syslog_bsd
</Output>

<Route testroute>
 Path    in => out
</Route>

C:/test.txt

Hello
This is a test!
3rd line
Bye
#2 manuel.munoz (Deactivated) Nxlog ✓

Hello,

I would use something like this...

<Extension _syslog>
  Module      xm_syslog
</Extension>

<Input in>
  Module       im_file
  File         'C:\test.txt'
  ReadFromLast TRUE
  SavePos      TRUE
  <Exec>
    if ($raw_event == "") { drop(); }
  </Exec>
</Input>

<Output out>
  Module  om_tcp
  Host    myserver
  Port    8888
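  # Rewrite $raw_event in BSD syslog format just before sending
  Exec    to_syslog_bsd();
</Output>

# Route connecting the input to the output (same as in the original post)
<Route testroute>
  Path    in => out
</Route>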
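A receiver-side check for the setup discussed in this thread, added here as an example (it is not from either post and is not NXLog code): it splits a captured TCP payload into lines and reports which ones have the BSD syslog (RFC 3164) shape and which arrived as unformatted file lines. The sample payload, the host name `winhost` and the function names are constructed for illustration.

```python
import re

# RFC 3164 (BSD syslog) shape: <PRI>Mmm dd hh:mm:ss HOST MSG
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)

def parse_bsd(line):
    """Return a dict for a BSD-syslog line, or None if it is not one."""
    m = BSD_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility is 0-23 and severity 0-7, so PRI <= 23*8+7
        return None
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message": m.group("msg"),
    }

def check_stream(data):
    """Split a TCP payload on newlines; return (line, parsed-or-None) pairs."""
    results = []
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r").decode("utf-8", errors="replace")
        if line:  # skip empty frames, as the Input block drops empty lines
            results.append((line, parse_bsd(line)))
    return results

def unformatted(data):
    """Lines that reached the receiver without a syslog header."""
    return [line for line, parsed in check_stream(data) if parsed is None]

# Constructed sample: two formatted events and one raw file line.
SAMPLE = (
    b"<13>Jan  5 10:15:02 winhost Hello\r\n"
    b"This is a test!\r\n"
    b"<13>Jan  5 10:15:03 winhost 3rd line\n"
)

if __name__ == "__main__":
    for line, parsed in check_stream(SAMPLE):
        print("OK " if parsed else "RAW", line)
```
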