NXLog search
Let's talk Start free
Let's talk Start free

NXLog Community edition not performing any output

Tags: NXLog Community Edition
#1 jhartman

SO I was in the process of creating a custom parser for NetMotion VPN logs but for some reason, no matter what I specify in the nxlog.conf I have no output.

I originally had an older agent so I uninstalled and reinstalled with the latest download. - No change

I originally had an Exec stanza with some regex to capture some groups and assign them to some variables, I removed that whole section and am simply doing "parse_syslog(); - No change

 

This was my original conf file

panic SOFT
define INSTALLDIR C:\Program Files\nxlog
define LOGDIR %INSTALLDIR%\data
define MYLOGFILE %LOGDIR%\nxlog.log
LogLevel    DEBUG
LogFile     %MYLOGFILE%
<Extension json>
   Module      xm_json
</Extension>
<Extension syslog>
   Module  xm_syslog
</Extension>
<Input NetMotion>
   Module      im_file
   File        "C:\Testing-logs\NetMotion.txt"
   <Exec>
   if $raw_event =~ /m_user="([^"]+).+?pop_ip_srv="([^"]+).+?ses_start="([^"]+).+?ses_state="([^"]+).+?vip="([^"]+)/
   {
       if $4 == 'Connected' $event_type = 'VPN_SESSION_IP_ASSIGNED';
       $version = 'v1';
       $time = $3;
       $account = $1;
       $assigned_ip = $6;
       $source_ip = $2;
       $authentication_result = 'SUCCESS';
       $authentication_target = $5;
   }
   </Exec>
</Input>
<Output local_file>
   Module      om_file
   Exec        to_json();
   File        "C:\Testing-logs\Parsed.txt"
</Output>
<Route NM_to_file>
   Path        NetMotion => local_file
</Route>

After that was not producing anything I decided to rip the whole thing out and simply do a “parse_syslog” like below but still no luck.

panic SOFT

define INSTALLDIR C:\Program Files\nxlog


define LOGDIR %INSTALLDIR%\data
define MYLOGFILE %LOGDIR%\nxlog.log


LogLevel    DEBUG
LogFile     %MYLOGFILE%


<Extension json>
Module      xm_json
</Extension>


<Extension syslog>
Module  xm_syslog
</Extension>


<Input NetMotion>
Module      im_file
File        "C:\Testing-logs\NetMotion.txt"
Exec        parse_syslog();
</Input>


<Output local_file>
Module      om_file
Exec        to_json();
File        "C:\Testing-logs\Parsed.txt"
</Output>


<Route NM_to_file>
Path        NetMotion => local_file
</Route>

I've done similar things before and have never really had an issue but this is throwing me for a loop. The nxlog.log shows no errors and actually says that the routes are being processed. Even when I was applying the custom regex it showed the regex being applied and everythign workign but there were still no lines being written to the Parsed.txt file.

 

Can anyone see anythign blatantly obvious that I'm missing that could stop this from working?

Permalink
#2 jhartman

So this is simply a goof on my end. I assumed that when the service started that it would parse the whole file and apply to all old logs but it was simply waiting for new lines. After I duplicated the lines everything worked just fine.
Login to see more