I am attempting to use xm_ifileop to rotate some logfiles I am collecting with nxlog. I can see that rotation works as expected if I specify the file path but can I use the same logic to rotate all files in directory.

Example: /var/log/osquery/ on linux/mac and C:\ProgramData\osquery\log on windows has 3 files in it that start with osdqueryd. and I want to watch those and rotate them if they get over 3M. I have tried on windows and Mac to use a * in the file path to specify the directory: define OSQLOGFILE C:\\ProgramData\\osquery\\log\\osqueryd.\*

but that doesn't rotate the log. If I specify each file by name then it works as expected but then I need 3 xm_fileop sections.

Is there an easy way to tell nxlog to rotate all files matching a pattern?

Here is my logic so far:

<Extension osquery_fileop>
    Module      xm_fileop
    # Check the log file size every hour and rotate if larger than 3 MB
    <Schedule>
        Every   1 hour
        Exec    if (file_exists('%OSQLOGFILE%') and (file_size('%OSQLOGFILE%') >= 1M)) file_cycle('%OSQLOGFILE%', 4);
    </Schedule>
</Extension>