xml log parsing on windows with community edition won't get extract_xml recognized.
har3005
I'm trying to ws_ftp logs that are xml formatted as such :
<?xml version="1.0" encoding="utf-8" ?>
<log>
<entry>
<log_time> xxxx </log_time>
<description>data <![CDATA[Connection established]]></description>
<service>data </service>
<sessionid> xxxx </sessionid>
<type>0</type> <severity>0</severity>
<lstnconnaddr> ip </lstnconnaddr>
<cliconnaddr>ip </cliconnaddr>
<sguid> xxx </sguid>
</entry>
...
with this configuration :
define ROOT C:\Program Files\nxlog
<Extension gelf>
Module xm_gelf
</Extension>
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension multiline>
Module xm_multiline
HeaderLine /^<event>/
EndLine /^</event>/
</Extension>
<Extension xmlparser>
Module xm_xml
</Extension>
<Extension json>
Module xm_json
</Extension>
<Input in>
Module im_file
File "PATH TO .XML"
SavePos FALSE
PollInterval 1
ReadFromLast FALSE
InputType multiline
<Exec>
$EventData = extract_xml("/log/entry");
if $EventData == ""
{
delete($EventData);
}
to_json();
</Exec>
</Input>
<Output out>
Module om_file
File "C:\\temp\\output_test.txt"
</Output>
<Route 1>
Path in => out
</Route>
i can't get past this error :
ERROR Couldn't parse Exec block at C:\Program Files\nxlog\conf\nxlog.conf:34; couldn't parse statement at line 35, character 40 in C:\Program Files\nxlog\conf\nxlog.conf; function 'extract_xml()' does not exist or takes different arguments ERROR module 'in' has configuration errors, not adding to route '1' at C:\Program Files\nxlog\conf\nxlog.conf:51
how can i get further?
