Sending log directory name with log-event

#1 Nemesis 8 years ago

Hi, I have a system that produces logs files. I send them via tcp to specific port.

Directory path with logs looks like:

C:\Logs\<ID>\*.log

Where ID is the unique 3-digit identifier. How to get this ID and send it with every log event?

My current config:

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Input logs>
Module im_file
File 'C:\\Logs\\*\\*.log'
ReadFromLast True
SavePos True
Recursive True
Exec if $raw_event =~ /^#/ drop();
</Input>

<Processor buffer_logs>
Module pm_buffer
MaxSize   102400
Type   Mem
WarnLimit   51200
</Processor>

<Output out_logs>
Module om_tcp
Host localhost
Port 10010
OutputType LineBased
</Output>

<Route r_logs>
Path logs => buffer_logs => out_logs
</Route>

Permalink

#2 adm Nxlog ✓ 8 years ago

#1 Nemesis

Hi, I have a system that produces logs files. I send them via tcp to specific port. Directory path with logs looks like: C:\Logs\<ID>\*.log Where ID is the unique 3-digit identifier. How to get this ID and send it with every log event? My current config: define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Input logs> Module im_file File 'C:\\Logs\\*\\*.log' ReadFromLast True SavePos True Recursive True Exec if $raw_event =~ /^#/ drop(); </Input> <Processor buffer_logs> Module pm_buffer MaxSize 102400 Type Mem WarnLimit 51200 </Processor> <Output out_logs> Module om_tcp Host localhost Port 10010 OutputType LineBased </Output> <Route r_logs> Path logs => buffer_logs => out_logs </Route>

You can add something like this to 'logs':

Exec if ( file_name() =~ /([^\]+)\\.log$/ ) {\
  $raw_event = $raw_event + " " + $1; \
}

Not sure if the regexp works but it should give you the idea. Also not sure whether you want it appended to the end of the line or how you want that transferred.