NXlog to read the contents of several files in a directory and send them to a Syslog Watcher server
Hello NXLog user,
I'm new to Nxlog and I'm looking to send the contents of files (*.log) located in a single directory to a Syslog Watcher server (snmpsoft). A trace can be on one or multiple lines but each start of a new trace starts with the time.
Here is an example of a trace on one line (columns => time type severity thread file function content) :
17:13:00.000 APP__ WARNING 1aa20b54100 <capp.cpp:56> [[CApp::ExistInDirectory]] File 'tool.exe' not found in C:/prog
Here is an example of multiple traces, one of them on multiple lines (columns => time type severity thread file function content):
10:57:25.924 SQL__ ERROR__ 20d962b1270 <csqlquery.cpp:292> [[CSqlQuery::ErrQuery]] [cnx2238] [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Violation de la contrainte PRIMARY KEY « PK__T__3214EC27053CB3F2 ». Impossible d'insérer une clé en double dans l'objet « B.T ». Valeur de clé dupliquée : (44422). [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]L'instruction a été arrêtée. QODBC3: Impossible d'exécuter l'instruction
- Source query * ..
- Query with values * ...
10:57:25.926 APP__ ERROR__ 20d962b1270 <chistosystemautomate.cpp:67> [[CHistoSystemAutomate::MsgReceivedSystem]] { "code": 500004, "details": "", "message": "Impossible d'exécuter la requête SQL." }
Nxlog.conf that I tried to do
Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %ROOT%\data\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input messages>
    Module im_file
    File "C:\Users\toto\Documents\nxlog*.log"
    Exec $Message = $raw_event;
</Input>

<Output tcp>
    Module om_tcp
    Host 0.0.0.0
    Port 514
    Exec to_syslog_bsd();
</Output>

<Output udp>
    Module om_udp
    Host 0.0.0.0
    Port 514
    Exec to_syslog_bsd();
</Output>

<Route messages_to_tcp>
    Path messages => tcp
</Route>

<Route messages_to_udp>
    Path messages => udp
</Route>
Can you help me to write the conf file?
A big thank you in advance
Christophe
Hello NXLog user,
I forgot to specify that I use the community edition.
I tried to modify the configuration (Nxlog.conf) but without success :-(
Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %ROOT%\data\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input messages>
    Module im_file
    File "C:\Users\toto\Documents\nxlog*.log"
    <Exec>
        if $raw_event =~ /(\d\d:\d\d:\d\d.\d\d\d)/
            $EventTime = parsedate($1);
        else
            $EventTime = now();
        $Hostname = 'myhost';
        $SourceName = file_name();
        if $raw_event =~ /ERROR__/ $Severity = 'ERROR';
        else if $raw_event =~ /WARNING__/ $Severity = 'WARNING';
        else if $raw_event =~ /INFO__/ $Severity = 'INFO';
        else if $raw_event =~ /DEBUG__/ $Severity = 'DEBUG';
        if $raw_event =~ /^(\d\d:\d\d:\d\d.\d\d\d)\ (\S+)\ (\S+)\ (.*)/
            $Message = $4;
        to_syslog_bsd();
    </Exec>
</Input>

<Output udp>
    Module om_udp
    Host 172.16.93.29
    Port 514
</Output>

<Route messages_to_udp>
    Path messages => udp
</Route>
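
An added example, not part of the posts above and not NXLog configuration: a Python model of the trace format described in the question, showing the grouping a multi-line reader has to do (a line starting with the time opens a new trace, anything else continues the previous one) and the column split. The function names are hypothetical, the sample lines are shortened from the quoted traces, and the underscore padding of short column values is an assumption inferred from those traces (`ERROR__` and `APP__` are padded, `WARNING` is not).

```python
import re

# A new trace starts with the time (per the post); everything else is a continuation.
START = re.compile(r"^\d\d:\d\d:\d\d\.\d\d\d ")
# Columns: time type severity thread <file> [[function]] content
HEADER = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d\d\d) (?P<type>\S+) (?P<severity>\S+) "
    r"(?P<thread>\S+) <(?P<file>[^>]+)> \[\[(?P<function>[^\]]+)\]\] (?P<content>.*)$"
)
# Standard syslog severity numbers for the four names used in the post's config.
SYSLOG_SEVERITY = {"ERROR": 3, "WARNING": 4, "INFO": 6, "DEBUG": 7}


def group_traces(lines):
    """Yield one list of physical lines per trace."""
    current = []
    for line in lines:
        line = line.rstrip("\r\n")
        if START.match(line):
            if current:
                yield current
            current = [line]
        elif current:  # continuation; lines seen before any header are dropped
            current.append(line)
    if current:
        yield current


def parse_trace(trace_lines):
    """Split the header line into columns; continuation lines stay in 'content'."""
    m = HEADER.match(trace_lines[0])
    if m is None:  # starts with a time but not the full column layout
        return {"content": "\n".join(trace_lines), "syslog_severity": 5}
    fields = m.groupdict()
    # Assumption: short values are padded with '_' to a fixed width.
    fields["type"] = fields["type"].rstrip("_")
    fields["severity"] = fields["severity"].rstrip("_")
    fields["syslog_severity"] = SYSLOG_SEVERITY.get(fields["severity"], 5)  # 5 = notice
    fields["content"] = "\n".join([fields["content"]] + trace_lines[1:])
    return fields


# Constructed sample, shortened from the traces quoted in the post.
SAMPLE = """\
17:13:00.000 APP__ WARNING 1aa20b54100 <capp.cpp:56> [[CApp::ExistInDirectory]] File 'tool.exe' not found in C:/prog
10:57:25.924 SQL__ ERROR__ 20d962b1270 <csqlquery.cpp:292> [[CSqlQuery::ErrQuery]] [cnx2238] QODBC3: sample error
- Source query * ..
- Query with values * ...
10:57:25.926 APP__ ERROR__ 20d962b1270 <chistosystemautomate.cpp:67> [[CHistoSystemAutomate::MsgReceivedSystem]] { "code": 500004 }
""".splitlines()

EVENTS = [parse_trace(t) for t in group_traces(SAMPLE)]
```

On this sample the five physical lines become three events, and the `WARNING` line is classified only because the padding is stripped before the lookup rather than matched literally.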