NXlog to read new log and send content of file to syslog server

#1 sunilj777

Hello Team,

I am new to NXLog and we have a requirement to send the content of the log file below to a syslog server; the fields will be the same for every new log file. Can you please help in writing a conf file to send it to syslog?

Sample log file:

OPSWAT - METADEFENDER KIOSK SCAN RESULTS

User ID: TRAININGLAB\syslog Profile: Default Session ID: 52CE90C9-73DC-4150-AE7F-1FDCFF933D3F

PROCESSING FINISHED SUCCESSFULLY

Process Start Time: 2019-09-21 16:09:36 Process Finish Time: 2019-09-21 16:10:55

MetaDefender Kiosk Version: 4.3.5.2010 MetaDefender Core Version: 4.16.2

Device Information
Manufacturer: (Standard disk drives)
Model: SanDisk Cruzer Blade USB Device
Serial Number: 4C530000260530107000
Device ID: USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_BLADE&REV_1.00\4C530000260530107000&0
Media Type: USB Device
Partition Count: 1
Partition Name: Disk #1, Partition #0
Bootable: NO
Disk Usage: 39MB / 14GB
Scanning System: SYSTEM1

Full Media Scanned: NO Full Media Processed: NO Total Files Scanned: 7 Total Files Processed: 7

Blocked Files
No blocked files found

Blocked Actions Taken
- Sanitized: 0
- Quarantined: 0
- Deleted: 0
- Post Action Ran: 0
- Copied To Media: 0
- Copied To Directory: 0
- Copied To Vault Server: 0
- Moved To Media: 0
- Moved To Directory: 0
- Moved To Vault Server: 0
- Destination Media Wiped: NO

Allowed Actions Taken
- Sanitized: 0
- Post Action Ran: 0
- Copied To Media: 0
- Copied To Directory: 0
- Copied To Vault Server: 0
- Moved To Media: 0
- Moved To Directory: 0
- Moved To Vault Server: 0
- Destination Media Wiped: NO

Skipped Files: 0

Failed To Delete: 0

File Type Totals
application/octet-stream: 1
application/pdf: 2
application/x-dosexec: 2
text/plain: 2


ALLOWED FILES

  1.  PATH:     E:\New Text Document (6).txt
      SHA-256:  E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855

  2.  PATH:     E:\SanDiskSecureAccess\DownloadSanDiskSecureAccess_Mac.pdf
      SHA-256:  B2E01B65F369095428DB35D59A41FDB80A5B16F6C496D7420D814B63CC8EEDCB

  3.  PATH:     E:\SanDiskSecureAccess\SanDisk_SecureAccess_QSG.PDF
      SHA-256:  BC6D908229CA23F0FA78690BF5CD498F67A6FDB5CD368A4F89BABC98427A93CB

  4.  PATH:     E:\New Text Document (7).txt
      SHA-256:  BDED243D2EEDEEF19D62D88A361A7019A007363BBBF429A873320015B865A456

  5.  PATH:     E:\sgbox.txt
      SHA-256:  CA3ED41768F78C7E61BC782716010A208DE09464BDEB283D27DABE57318EE3B8

  6.  PATH:     E:\SanDiskSecureAccessV3.1_win.exe
      SHA-256:  829F3BC240D26077AC00CE58B15D7D349E5D473B83629D3CC404A34BA865C9EC

  7.  PATH:     E:\epm.exe
      SHA-256:  3D878E578E7340443785D4DC6CEA0A5B415D3BB107AFB0282DFEBF776930B216


#2 sunilj777

The nxlog.conf which I have used:

Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files (x86)\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf
define LOGDIR   %ROOT%\data
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data

<Extension syslog>
    Module      xm_syslog
</Extension>

<Extension multiline_parser>
    Module      xm_multiline
    # Every scan report starts with this banner; the next match closes the
    # previous record. The regex is not anchored, so it also matches when the
    # banner is preceded by whitespace or a BOM.
    #HeaderLine "OPSWAT - METADEFENDER KIOSK SCAN RESULTS"
    HeaderLine  /OPSWAT/
</Extension>

<Input log_file>
    Module      im_file
    # define the file path (e.g. below)
    # to collect logs from different files you need to give a wildcard pattern,
    # for example *.txt, as in the following example
    File        'c:\Program Files (x86)\OPSWAT\Metadefender Kiosk\Client\Log*----.log'
    InputType   multiline_parser
    # each multi-line record becomes one BSD syslog message
    Exec        to_syslog_bsd();
</Input>

<Output log_file_out>
    Module      om_udp
    # ip address/hostname of the SGBox
    Host        *************
    # Port
    Port        514
</Output>

<Route log_file>
    Path        log_file => log_file_out
</Route>
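The processing the poster wants NXLog to do, written out as an added example in Python (this is not code from the post, from NXLog or from OPSWAT): split a Kiosk log into one record per scan report, the way xm_multiline's HeaderLine does, then render each record as BSD (RFC 3164) syslog. It goes one step beyond the posted config by lifting the fixed fields into key=value pairs and emitting one extra line per file hash, so the receiver gets short single-line events instead of a 2 KB multi-line blob. The hostname `kiosk01`, the tag `metadefender_kiosk` and the field names are assumptions, and `SAMPLE` is constructed from the report quoted in the post.

```python
"""Turn OPSWAT MetaDefender Kiosk scan-result files into syslog lines.

Added example, not code from the forum post, NXLog or OPSWAT. Hostname,
tag and field names are assumptions; SAMPLE is constructed from the report
quoted in the post (device and action sections trimmed).
"""
import re
from datetime import datetime

# A new report starts at this banner (the poster's HeaderLine in xm_multiline).
HEADER = re.compile(r"OPSWAT - METADEFENDER KIOSK SCAN RESULTS")

# Fixed fields lifted out of each report; all are searched with re.MULTILINE.
FIELDS = {
    "user":    r"User ID:\s*(\S+)",
    "session": r"Session ID:\s*([0-9A-Fa-f-]{36})",
    "status":  r"^PROCESSING (.+?)\s*$",
    "start":   r"Process Start Time:\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)",
    "finish":  r"Process Finish Time:\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)",
    "serial":  r"Serial Number:\s*(\S+)",
    "scanned": r"Total Files Scanned:\s*(\d+)",
}
# "PATH: <path>" followed, usually on the next line, by "SHA-256: <64 hex>".
FILE_RE = re.compile(r"PATH:\s*(.+?)\s+SHA-256:\s*([0-9A-Fa-f]{64})", re.S)

# Constructed sample, modelled on the report quoted in the post.
SAMPLE = r"""OPSWAT - METADEFENDER KIOSK SCAN RESULTS
User ID: TRAININGLAB\syslog Profile: Default Session ID: 52CE90C9-73DC-4150-AE7F-1FDCFF933D3F
PROCESSING FINISHED SUCCESSFULLY
Process Start Time: 2019-09-21 16:09:36 Process Finish Time: 2019-09-21 16:10:55
Device Information Manufacturer: (Standard disk drives) Model: SanDisk Cruzer Blade USB Device Serial Number: 4C530000260530107000 Media Type: USB Device
Full Media Scanned: NO Full Media Processed: NO Total Files Scanned: 7 Total Files Processed: 7
Blocked Files No blocked files found
ALLOWED FILES
  1.  PATH:           E:\New Text Document (6).txt
     SHA-256:        E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
  2.  PATH:           E:\SanDiskSecureAccess\DownloadSanDiskSecureAccess_Mac.pdf
     SHA-256:        B2E01B65F369095428DB35D59A41FDB80A5B16F6C496D7420D814B63CC8EEDCB
  3.  PATH:           E:\SanDiskSecureAccess\SanDisk_SecureAccess_QSG.PDF
     SHA-256:        BC6D908229CA23F0FA78690BF5CD498F67A6FDB5CD368A4F89BABC98427A93CB
  4.  PATH:           E:\New Text Document (7).txt
     SHA-256:        BDED243D2EEDEEF19D62D88A361A7019A007363BBBF429A873320015B865A456
  5.  PATH:           E:\sgbox.txt
     SHA-256:        CA3ED41768F78C7E61BC782716010A208DE09464BDEB283D27DABE57318EE3B8
  6.  PATH:           E:\SanDiskSecureAccessV3.1_win.exe
     SHA-256:        829F3BC240D26077AC00CE58B15D7D349E5D473B83629D3CC404A34BA865C9EC
  7.  PATH:           E:\epm.exe
     SHA-256:        3D878E578E7340443785D4DC6CEA0A5B415D3BB107AFB0282DFEBF776930B216
"""

def split_records(text):
    """Group lines into one record per report, starting at each HEADER match.
    This mirrors xm_multiline's HeaderLine: NXLog closes a record when the
    next header arrives, whereas here the last record is flushed at EOF."""
    records, current = [], []
    for line in text.splitlines():
        if HEADER.search(line):
            if current:
                records.append("\n".join(current))
            current = [line]
        elif current:          # lines before the first header are dropped
            current.append(line)
    if current:
        records.append("\n".join(current))
    return records

def parse_record(rec):
    """Extract the fixed fields, a blocked-file flag and the (path, sha256) list."""
    event = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, rec, re.M)
        event[name] = m.group(1) if m else None
    event["blocked"] = "No blocked files found" not in rec
    event["files"] = [(p.strip(), h.upper()) for p, h in FILE_RE.findall(rec)]
    return event

def to_syslog_lines(event, hostname="kiosk01", tag="metadefender_kiosk"):
    """Render one RFC 3164 summary line per scan plus one line per file hash.
    PRI 14 is user.info (1*8+6). The timestamp is the report's finish time,
    so replayed files keep their original event time; falls back to now()."""
    ts = (datetime.strptime(event["finish"], "%Y-%m-%d %H:%M:%S")
          if event.get("finish") else datetime.now())
    prefix = f"<14>{ts:%b} {ts.day:2d} {ts:%H:%M:%S} {hostname} {tag}: "
    summary = " ".join(f'{k}="{v}"' for k, v in event.items() if k != "files")
    lines = [prefix + f"type=scan {summary} file_count={len(event['files'])}"]
    for path, sha in event["files"]:
        lines.append(prefix + f'type=file session="{event["session"]}" '
                              f'path="{path}" sha256={sha}')
    return lines

if __name__ == "__main__":
    for rec in split_records(SAMPLE):
        print("\n".join(to_syslog_lines(parse_record(rec))))
```

Keeping the Session ID on every per-file line is what lets the receiver join the hashes back to the scan summary; the file hashes are the part of this report worth matching against threat-intel or allowlists, and they are far easier to search as one `sha256=` field per line than buried in a multi-line message.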