Problem in converting JSON to syslog
I was trying to convert JSON to syslog, okta logs are the source of JSON, but couldn't convert okta logs to syslogs and copy the converted logs to a .txt file as I was getting this: Module in2 got EOF from C:\Users\user\output.txt DEBUG got EOF for C:\Users\user\output.txt. Please help me in resolving this. My nxlog config file:
define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log NoCache TRUE LogLevel DEBUG
<Extension json> Module xm_json </Extension>
<Extension syslog> Module xm_syslog </Extension>
<Input in2> Module im_file File 'C:\Users\user\output.txt' SavePos TRUE ReadFromLast TRUE PollInterval 1 Exec $Message = $to_json; $SyslogFacilityValue = 22; </Input>
<Output out> Module om_file File 'C:\syslog\Sysoutput.txt' Exec to_syslog_bsd(); </Output>
<Route r> Path in2 => out </Route>
DEBUG got EOF for C:\Users\user\output.txt.
This just means it has run out of lines to read.
For Input in2, is this file ever appended to or is it as big as it is going to be? What I am getting at is NXLog only pulls events that are added to the file after we start to watch the file by default.
If what you are wanting is to read historical data, then you will want to change SavePos and ReadFromLast to False. Otherwise you will just need to wait for new lines to be added.
Are you actually getting JSON out? Without parsing something to get the fields, you probably don't have $Messages.
The $to_json; part should also be to_json();.
Your nxlog.log file should show you the errors, I would definitely suggest reading through that log first when things aren't working.
