xml log parsing on windows with community edition won't get extract_xml recognized.

#1 har3005 1 year ago

I'm trying to ws_ftp logs that are xml formatted as such :

<?xml version="1.0" encoding="utf-8" ?>
<log>
  <entry>
    <log_time> xxxx </log_time>
    <description>data <![CDATA[Connection established]]></description>
    <service>data </service>
    <sessionid> xxxx </sessionid>
    <type>0</type>    <severity>0</severity>
    <lstnconnaddr> ip </lstnconnaddr>
    <cliconnaddr>ip </cliconnaddr>
    <sguid> xxx </sguid>
  </entry>
...

with this configuration :

 define ROOT C:\Program Files\nxlog
 
 <Extension gelf>
   Module xm_gelf
 </Extension>
 
 Moduledir %ROOT%\modules
 CacheDir %ROOT%\data
 Pidfile %ROOT%\data\nxlog.pid
 SpoolDir %ROOT%\data
 LogFile %ROOT%\data\nxlog.log
 
 <Extension multiline>
     Module	xm_multiline
     HeaderLine	/^<event>/
     EndLine	/^</event>/
 </Extension>
 
 <Extension xmlparser>
     Module	xm_xml
 </Extension>
 
 <Extension json>
     Module	xm_json
 </Extension>
 
 <Input in>
     Module	im_file
     File	"PATH TO .XML"
     SavePos	FALSE
 	PollInterval 1
     ReadFromLast FALSE
     InputType	multiline
     <Exec>
 		$EventData = extract_xml("/log/entry");
         if $EventData == ""
         {
             delete($EventData);
         }
         to_json(); 
     </Exec>
 </Input>
 
 <Output out>
     Module      om_file
     File    "C:\\temp\\output_test.txt"
 </Output>
 
 <Route 1>
     Path        in => out
 </Route>

i can't get past this error :

ERROR Couldn't parse Exec block at C:\Program Files\nxlog\conf\nxlog.conf:34; couldn't parse statement at line 35, character 40 in C:\Program Files\nxlog\conf\nxlog.conf; function 'extract_xml()' does not exist or takes different arguments ERROR module 'in' has configuration errors, not adding to route '1' at C:\Program Files\nxlog\conf\nxlog.conf:51

how can i get further?

Permalink

#2 NenadMDeactivated Nxlog ✓ 1 year ago (Last updated 1 year ago )

#1 har3005

I'm trying to ws_ftp logs that are xml formatted as such : <?xml version="1.0" encoding="utf-8" ?> <log> <entry> <log_time> xxxx </log_time> <description>data <![CDATA[Connection established]]></description> <service>data </service> <sessionid> xxxx </sessionid> <type>0</type> <severity>0</severity> <lstnconnaddr> ip </lstnconnaddr> <cliconnaddr>ip </cliconnaddr> <sguid> xxx </sguid> </entry> ... with this configuration : define ROOT C:\Program Files\nxlog <Extension gelf> Module xm_gelf </Extension> Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Extension multiline> Module xm_multiline HeaderLine /^<event>/ EndLine /^</event>/ </Extension> <Extension xmlparser> Module xm_xml </Extension> <Extension json> Module xm_json </Extension> <Input in> Module im_file File "PATH TO .XML" SavePos FALSE PollInterval 1 ReadFromLast FALSE InputType multiline <Exec> $EventData = extract_xml("/log/entry"); if $EventData == "" { delete($EventData); } to_json(); </Exec> </Input> <Output out> Module om_file File "C:\\temp\\output_test.txt" </Output> <Route 1> Path in => out </Route> i can't get past this error : ERROR Couldn't parse Exec block at C:\Program Files\nxlog\conf\nxlog.conf:34; couldn't parse statement at line 35, character 40 in C:\Program Files\nxlog\conf\nxlog.conf; function 'extract_xml()' does not exist or takes different arguments ERROR module 'in' has configuration errors, not adding to route '1' at C:\Program Files\nxlog\conf\nxlog.conf:51 how can i get further?

Hello

The log is quite self-explanatory: function 'extract_xml()' does not exist. There is no such a function in NXLog. I'm not sure what exactly you are trying to do but you might try with:

<Exec> $EventData = to_xml; if $EventData =~ /(^$|^\s+$)/ drop(); </Exec>

This block should transfer the value of the $EventData field to XML and drop the $EventData field if it's empty....