How to add hostname as Prefix to Log File nxlog.log

#1 BC_471242 2 years ago

Hi,

I would like to send logs of nxlog.log to an external SIEM. Here are the sample log file but I need hostname added as prefix to each log file as shown below. Is there a way we can use rsyslog or nxlog.conf file to do ot?

Before 2021-04-28 17:18:36 INFO connecting to agent manager at nxlogmgr.amgen.com:4041 2021-04-28 17:19:06 INFO reconnecting to agent manager (nxlogmgr.amgen.com) in 128 seconds 2021-04-28 17:19:06 ERROR couldn't connect to agent manager's SSL socket on nxlogmgr.amgen.com:40

After Apr 28 17:23:36 Hostname bash[XXXXX]: INFO connecting to agent manager at nxlogmgr.amgen.com:4041 Apr 28 17:23:36 Hostname bash[XXXXX]: INFO reconnecting to agent manager (nxlogmgr.amgen.com) in 128 seconds Apr 28 17:23:36 Hostname bash[XXXXX]: ERROR couldn't connect to agent manager's SSL socket on nxlogmgr.amgen.com:40

Permalink

#2 b0ti Nxlog ✓ 2 years ago

#1 BC_471242

Hi, I would like to send logs of nxlog.log to an external SIEM. Here are the sample log file but I need hostname added as prefix to each log file as shown below. Is there a way we can use rsyslog or nxlog.conf file to do ot? Before 2021-04-28 17:18:36 INFO connecting to agent manager at nxlogmgr.amgen.com:4041 2021-04-28 17:19:06 INFO reconnecting to agent manager (nxlogmgr.amgen.com) in 128 seconds 2021-04-28 17:19:06 ERROR couldn't connect to agent manager's SSL socket on nxlogmgr.amgen.com:40 After Apr 28 17:23:36 Hostname bash[XXXXX]: INFO connecting to agent manager at nxlogmgr.amgen.com:4041 Apr 28 17:23:36 Hostname bash[XXXXX]: INFO reconnecting to agent manager (nxlogmgr.amgen.com) in 128 seconds Apr 28 17:23:36 Hostname bash[XXXXX]: ERROR couldn't connect to agent manager's SSL socket on nxlogmgr.amgen.com:40

You can use im_internal and reformat the data with to_syslog_bsd().