I have a very basic setup. I was easily able to get the general syslog functionality working.
I have been unable to get the file transport working. I've spent several days trying alternative configurations and Googling for help; all to no avail.
I also tested with om_file - trying to just grab the file and output it locally - the outcome was just a blank file.
Any help will be greatly appreciated.
Here is my config:
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO
<Extension gelf>
Module xm_gelf
</Extension>
<Extension _syslog>
module xm_syslog
</extension>
<Input 1>
Module im_file
file "C:\\MSSQL\\ERRORLOG"
</Input>
<Output 2>
Module om_tcp
Host 192.168.1.50
Port 5550
OutputType GELF_TCP
</Output>
<Route 3>
Path 1 => 2
</Route>
There may be two reasons for that.
1. ReadFromLast for im_file defaults to FALSE. Perhaps there were no events written to your file.
2. The MSSQL ERRORLOG is UCS-2. You need the following conversion (sample taken from the manual):
<Input in> Module im_file File "C:\\MSSQL\\ERRORLOG" Exec $raw_event = convert($raw_event, 'UCS-2LE','UTF-8'); if $raw_event == '' drop(); </Input>