NXLog Community edition not performing any output

View thread

jhartman

SO I was in the process of creating a custom parser for NetMotion VPN logs but for some reason, no matter what I specify in the nxlog.conf I have no output.

I originally had an older agent so I uninstalled and reinstalled with the latest download. - No change

I originally had an Exec stanza with some regex to capture some groups and assign them to some variables, I removed that whole section and am simply doing "parse_syslog(); - No change

 

This was my original conf file

panic SOFT
define INSTALLDIR C:\Program Files\nxlog
define LOGDIR %INSTALLDIR%\data
define MYLOGFILE %LOGDIR%\nxlog.log
LogLevel    DEBUG
LogFile     %MYLOGFILE%
<Extension json>
   Module      xm_json
</Extension>
<Extension syslog>
   Module  xm_syslog
</Extension>
<Input NetMotion>
   Module      im_file
   File        "C:\Testing-logs\NetMotion.txt"
   <Exec>
   if $raw_event =~ /m_user="([^"]+).+?pop_ip_srv="([^"]+).+?ses_start="([^"]+).+?ses_state="([^"]+).+?vip="([^"]+)/
   {
       if $4 == 'Connected' $event_type = 'VPN_SESSION_IP_ASSIGNED';
       $version = 'v1';
       $time = $3;
       $account = $1;
       $assigned_ip = $6;
       $source_ip = $2;
       $authentication_result = 'SUCCESS';
       $authentication_target = $5;
   }
   </Exec>
</Input>
<Output local_file>
   Module      om_file
   Exec        to_json();
   File        "C:\Testing-logs\Parsed.txt"
</Output>
<Route NM_to_file>
   Path        NetMotion => local_file
</Route>

After that was not producing anything I decided to rip the whole thing out and simply do a “parse_syslog” like below but still no luck.

panic SOFT

define INSTALLDIR C:\Program Files\nxlog

define LOGDIR %INSTALLDIR%\data define MYLOGFILE %LOGDIR%\nxlog.log

LogLevel DEBUG LogFile %MYLOGFILE%

<Extension json> Module xm_json </Extension>

<Extension syslog> Module xm_syslog </Extension>

<Input NetMotion> Module im_file File "C:\Testing-logs\NetMotion.txt" Exec parse_syslog(); </Input>

<Output local_file> Module om_file Exec to_json(); File "C:\Testing-logs\Parsed.txt" </Output>

<Route NM_to_file> Path NetMotion => local_file </Route>

I've done similar things before and have never really had an issue but this is throwing me for a loop. The nxlog.log shows no errors and actually says that the routes are being processed. Even when I was applying the custom regex it showed the regex being applied and everythign workign but there were still no lines being written to the Parsed.txt file.

 

Can anyone see anythign blatantly obvious that I'm missing that could stop this from working?