Nxlog export Windows Logs to Rsyslog Server
How to fix abnormal output log file names? E.g.:
WAP01.tks.co.th-","Sec-Fetch-Mode".log
WAP01.tks.co.th-\r\n-.log
WAP01.tks.co.th-l+xml,application.log
My NXLog configuration:
# This is a sample NXLog configuration file created by Loggly. June 2013
# See the nxlog reference manual about the configuration options.
# It should be installed locally and is also available
# online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

# Please set the ROOT to the folder your nxlog was installed into,
# otherwise it will not start.
#define ROOT C:\Program Files\nxlog
#define ROOT_STRING C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define ROOT_STRING C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

# Include fileop while debugging, also enable in the output module below
#<Extension fileop>
#    Module xm_fileop
#</Extension>

<Extension json>
    Module xm_json
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

<Input in>
    Module im_msvistalog
    ReadFromLast TRUE
    SavePos TRUE
    # The multi-line Query value needs a trailing backslash on every line but the last
    Query <QueryList>\
            <Query Id="0">\
                <Select Path="Application">*</Select>\
                <Select Path="System">*</Select>\
                <Select Path="Security">*</Select>\
            </Query>\
          </QueryList>
</Input>

<Output out>
    Module om_tcp
    Host 10.6.5.133
    Port 514
    Exec $Hostname = hostname_fqdn();
    Exec $SyslogFacility = 2;
    #Exec $SourceName = 'eventlogs';
    #Exec to_syslog_bsd();
    #Exec to_syslog_snare();
    Exec to_syslog_ietf();
    Exec $Message = to_json(); to_syslog_bsd();
</Output>

<Route 1>
    Path in => out
</Route>
I want:
Input <Select Path="Application">*</Select>\ ---> output hostname.application.log
Input <Select Path="System">*</Select>\ ---> output hostname.system.log
Input <Select Path="Security">*</Select>\ ---> output hostname.security.log
Hi,
You can use log_info($Hostname)
and check in nxlog.log which value is printed.
I suspect that it is not parsed correctly.
~MisaZ
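An added example, not part of the thread and not NXLog or rsyslog code: a receiver-side check that only builds a `hostname.channel.log` name from a line that has a valid syslog header and a JSON payload, so fragments of message content like the ones in the question never reach a file name. It assumes the BSD syslog layout produced by `to_syslog_bsd()` and a `Channel` key in the `to_json()` payload; `target_file` and the sample lines are constructed for illustration.

```python
import json
import re

# Channels selected in the <Input in> query of the configuration on this page.
ALLOWED_CHANNELS = {"application", "system", "security"}

# Assumed BSD-syslog layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
BSD_LINE = re.compile(
    r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<host>\S+) [^:\[\s]+(?:\[\d+\])?: ?(?P<msg>.*)$",
    re.DOTALL,
)
HOSTNAME = re.compile(r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")


def target_file(line):
    """Return 'host.channel.log' for a well-formed line, else None (quarantine)."""
    m = BSD_LINE.match(line)
    if not m or not HOSTNAME.match(m["host"]):
        return None  # no usable syslog header: never build a file name from it
    try:
        event = json.loads(m["msg"])
    except ValueError:
        return None  # payload is not a complete JSON document
    if not isinstance(event, dict):
        return None
    channel = str(event.get("Channel", "")).lower()
    if channel not in ALLOWED_CHANNELS:
        return None  # unknown channel, or one containing '/' or other characters
    return f"{m['host'].lower()}.{channel}.log"


# Constructed sample lines (not captured from a real system).
SAMPLES = [
    '<21>Jun  3 10:15:02 WAP01.tks.co.th Microsoft-Windows-Security-Auditing[604]: '
    '{"EventID":4624,"Channel":"Security","Hostname":"WAP01.tks.co.th"}',
    '<22>Jun  3 10:15:03 WAP01.tks.co.th Microsoft-Windows-Kernel-General[4]: '
    '{"EventID":16,"Channel":"System"}',
    # Headerless fragment of message content, like the names in the question.
    '","Sec-Fetch-Mode":"navigate","Accept":"text/html,application/xhtml+xml"}',
    # Valid header, but a channel outside the allowlist (and containing '/').
    '<22>Jun  3 10:15:04 WAP01.tks.co.th Microsoft-Windows-Sysmon[2100]: '
    '{"EventID":1,"Channel":"Microsoft-Windows-Sysmon/Operational"}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(target_file(sample) or "quarantine.log", "<-", sample[:60])
```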