Hello, I'm both new here and new at nxlog so excuse my question if it sounds awkward. I'm trying to configure nxlog for an environment with multiple intermediary loghosts which have different IP addresses. The only pattern is that the machine that is sending the log and the loghost always have a similar first three octets (same subnet). So the computer 192.168.0.10 will send logs to 192.168.0.100 and the computer 10.10.10.30 will send its logs to 10.10.10.100. The last octet of all loghosts are similar as well.

My goal is to be able to call the computer IP with HostIP, match it with a regex [0-9]{1,3}[.][0-9]{1,3}[.][0-9]{1,3}[.][0-9]{1,3} and transform it to $1.$2.$3.100 which will be the loghost IP. My output module may look like this:

<Output loghost> Module om_udp Host $loghost Port 514 </output>

Why am I doing this? I'm deploying nxlog via GPO and wanted to send a single nxlog.conf to all the domain computers which will find the corresponding loghost based on their own IP.

At this time, none of my attempts to add a regex to an Exec directive in the output module were successful. If any one had come across the need for adding a variable as Host or similar issue, I will appreciate your help. Any other directions are much appreciated.

Thank you, Mikal