im_exec on schedule - Page 1 | Log collection solutions

#1 kumdabur 4 years ago

Hello,

I'm trying to implement some kind of "inventory" module in nxlog for windows-based machines. The idea is to run CMD and get basic info like OS information, members of local admin group or active sessions of users - those are just examples, the goal would be to execute CMD and get data every X hours/days.

as a PoC, I have following configuration:

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension json>
    Module	xm_json
</Extension>	

<Input message>
    Module  im_exec
    Command "C:\Windows\System32\cmd.exe"
    Arg     /k
    Arg     dir
</Input>

 


<Output out_debug>
    Module	om_file
    File	"D:\\nxlog_debug.log"
</Output>


<Route 2>
    Path       message => out_debug
</Route>

It works, I can see output of dir command in a .log file. However I cannot find a right way to add a "schedule". Tried in several ways, but it always fails with config error. Based on this example, is it possible to run a CMD with arguments with a schedule?

Permalink

#2 MisazivDeactivated Nxlog ✓ 4 years ago

#1 kumdabur

Hello, I'm trying to implement some kind of "inventory" module in nxlog for windows-based machines. The idea is to run CMD and get basic info like OS information, members of local admin group or active sessions of users - those are just examples, the goal would be to execute CMD and get data every X hours/days. as a PoC, I have following configuration: define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Extension _syslog> Module xm_syslog </Extension> <Extension json> Module xm_json </Extension> <Input message> Module im_exec Command "C:\Windows\System32\cmd.exe" Arg /k Arg dir </Input> <Output out_debug> Module om_file File "D:\\nxlog_debug.log" </Output> <Route 2> Path message => out_debug </Route> It works, I can see output of dir command in a .log file. However I cannot find a right way to add a "schedule". Tried in several ways, but it always fails with config error. Based on this example, is it possible to run a CMD with arguments with a schedule?

You can use the schedule directive: https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#config_module_schedule

It should accomplish what you need.

--MisaZ