About Okta Add-On | Log collection solutions

#1 Divya 5 years ago

I got the okta add-on as part of a trial, but when I am trying to run the nxlog using the below config it doesn't show any data in the output file. Please advise

Panic Soft #NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE%

Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogLevel DEBUG NoCache True

<Extension _json> Module xm_json </Extension>

<Extension _syslog> Module xm_syslog </Extension>

<Input okta> Module im_exec Command C:\Program files (x86)\nxlog-okta\nxlog-okta.exe Exec parse_syslog(); <Exec> parse_syslog(); parse_json($Message); </Exec> </Input>

<Output file> Module om_file File 'C:\syslog\o0.log' Exec to_json(); </Output>

It has following data in nxlog.log file: 2019-04-04 11:10:50 DEBUG new event in event_thread [okta:READ] 2019-04-04 11:10:50 DEBUG nx_event_to_jobqueue: READ (okta) 2019-04-04 11:10:50 DEBUG event added to jobqueue 2019-04-04 11:10:50 DEBUG no events or no future events, event thread sleeping in condwait 2019-04-04 11:10:50 DEBUG worker 1 got signal for new job 2019-04-04 11:10:50 DEBUG worker 1 processing event 0x1dcf30 2019-04-04 11:10:50 DEBUG PROCESS_EVENT: READ (okta) 2019-04-04 11:10:50 DEBUG im_exec_add_read_event with delay 1000000 2019-04-04 11:10:50 DEBUG got EAGAIN 2019-04-04 11:10:50 DEBUG worker 1 waiting for new event 2019-04-04 11:10:50 DEBUG new event in event_thread [okta:READ] 2019-04-04 11:10:50 DEBUG future event, event thread sleeping 1000000ms in cond_timedwait

Permalink

#2 b0ti Nxlog ✓ 5 years ago

#1 Divya

I got the okta add-on as part of a trial, but when I am trying to run the nxlog using the below config it doesn't show any data in the output file. Please advise Panic Soft #NoFreeOnExit TRUE define ROOT C:\Program Files (x86)\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogLevel DEBUG NoCache True <Extension _json> Module xm_json </Extension> <Extension _syslog> Module xm_syslog </Extension> <Input okta> Module im_exec Command C:\Program files (x86)\nxlog-okta\nxlog-okta.exe Exec parse_syslog(); <Exec> parse_syslog(); parse_json($Message); </Exec> </Input> <Output file> Module om_file File 'C:\syslog\o0.log' Exec to_json(); </Output> <Route r> Path okta => file </Route> It has following data in nxlog.log file: 2019-04-04 11:10:50 DEBUG new event in event_thread [okta:READ] 2019-04-04 11:10:50 DEBUG nx_event_to_jobqueue: READ (okta) 2019-04-04 11:10:50 DEBUG event added to jobqueue 2019-04-04 11:10:50 DEBUG no events or no future events, event thread sleeping in condwait 2019-04-04 11:10:50 DEBUG worker 1 got signal for new job 2019-04-04 11:10:50 DEBUG worker 1 processing event 0x1dcf30 2019-04-04 11:10:50 DEBUG PROCESS_EVENT: READ (okta) 2019-04-04 11:10:50 DEBUG im_exec_add_read_event with delay 1000000 2019-04-04 11:10:50 DEBUG got EAGAIN 2019-04-04 11:10:50 DEBUG worker 1 waiting for new event 2019-04-04 11:10:50 DEBUG new event in event_thread [okta:READ] 2019-04-04 11:10:50 DEBUG future event, event thread sleeping 1000000ms in cond_timedwait

Try running nxlog-okta.exe manually from the console. If you see data getting printed, you can then run it via the nxlog service.