Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.
Universal schedule block that rotates all logs?
chrisc created
Hi,
I have several routes, outputs, and inputs and would like to have a schedule block that effects all logs. Is this possible? My current implementation is to put the schedule block in each Output. It works, but I was seeing if there was a way to clean it up and get it into one scheduler.
Thank you!
chrisc created
OM_HTTP Warning
tiago_nascimento created
I'm having an alert every time the om_http sends a message to a web service. Has anyone ever experienced this?
LOG:
2015-08-19 16:45:18 INFO connecting to localhost:80
2015-08-19 16:45:18 WARNING http server disconnected while reading the response
2015-08-19 16:45:18 INFO reconnecting in 0 seconds
CONF:
<Output outATM>
Module om_http
URL http://localhost:80/modules/AtmProcessorMT/index.php
</Output>
tiago_nascimento created
NXLog failing on log rotation
chrisc created
I am trying to rotate a log file in the Output module. Here is my configuration below:
Easier on the eyes (pastebin)
########################################
# Global directives #
########################################
User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
#SuppressRepeatingLogs FALSE
define WINLOG /logserv/collections/windows-collector/windows-collector-log.log
########################################
# Modules #
########################################
<Extension fileop>
Module xm_fileop
</Extension>
<Extension _syslog>
Module xm_syslog
</Extension>
<Input windows-collector-log>
module im_tcp
host 0.0.0.0
port 524
Exec parse_syslog();
Exec log_info("Severity Windows Collector: " + $SyslogSeverity + ", Hostname: " + $Hostname);
</Input>
<Output windows-collector-log-out>
Module om_file
CreateDir true
File '%WINLOG%'
<Schedule>
Every 30 sec
Exec if (file_size('%WINLOG%') >= 100M) file_cycle('%WINLOG%',500);
</Schedule>
</Output>
<Route 5>
Path windows-collector-log => windows-collector-log-out
</Route>
I am getting an error saying that the file does not exist when the rotation is executed.
2015-08-19 13:22:23 ERROR failed to determine file size of '/logserv/collections/windows-collector/windows-collector-log.log': No such file or directory
chrisc created
nxLog Product Inquiry.
sreeram created
Hi,
I am writing here to inquire about nxLog for centralized logging implementation in production environment.
We have tested nxLog community edition in development environment and We're very much interested in implementing nxLog in production(US/UK client) environment too. I'd appreciate, if someone provides me a detailed product terms and purchase/subscription cost incurred for purchasing nxLog community & enterprise edition.
I need to take a decision in the coming few days so it’s really very important that I receive this information as soon as possible. Awaiting reply.
Best Regards,
Sreeram
sreeram created
om_tcp closewhenidle
fiddell created
Hi,
is it possible to configure at the om_tcp moule a "closewhenidle". A persistent connection to my destination ist not good when no data sent.
fiddell created
rindex($UserName, get_var('char')))
Brandon.Mixon created
Hey all,
I was wondering if rindex worked on nxlog, I’m not having luck getting it to work, and all my searches come up empty. I’m looking to parse a username after a "|"
create_var('char'); \
set_var('char', '|'); \
create_var('index_num'); \
set_var('index_num', rindex($UserName, get_var('char'))); \
Brandon.Mixon created
om_ssl connection questions
fata created
Hello,
Because of my lack of encryption knowledge, I search and found these instructions that I followed in order to create an SSL connection between an nxlog client (Windows server 2008 R2) and a graylog server.
So I transfered the "nxlog-ca.crt" to the client and indicated to the graylog server "nxlog-ca.key" as the TLS private key file and "nxlog-ca.crt" as the TLS cert file.
Here is the nxlog.conf :
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _syslog>
Module xm_gelf
</Extension>
<Input in>
Module im_msvistalog
Query <QueryList>\
<Query Id="0">\
<Select Path="Application">*[System[(Level=1 or Level=2 or Level=3)]]</Select>\
<Select Path="Security">*[System[(Level=1 or Level=2 or Level=3)]]</Select>\
<Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select>\
<Select Path="HardwareEvents">*[System[(Level=1 or Level=2 or Level=3)]]</Select>\
</Query>\
</QueryList>
</Input>
<Output sslout>
Module om_ssl
Host host_ip_address
Port 12201
CAFile %CERTDIR%\nxlog-ca.crt
OutputType GELF_TCP
AllowUntrusted FALSE
</Output>
<Route 1>
Path in => sslout
</Route>
But when I launch "nxlog.exe -f" here is the error :
nxlog.exe -f
2015-08-04 12:23:05 INFO nxlog-ce-2.9.1347 started
2015-08-04 12:23:05 INFO connecting to host_ip_address:12201
2015-08-04 12:23:05 INFO successfully connect to host_ip_address:12201
2015-08-04 12:23:05 INFO remote socket was closed during SSL handshake
2015-08-04 12:23:05 INFO reconnecting in 1 seconds
And That's it. What am I missing ?
I read in the documentation that all the files about the certificates are in "pem" format but when I create it from certtool I have "crt" and "key" format files.
Thank you.
fata created
Windows PowerShell Silent Install of NxLog
IanMcShane created
Hi,
I was wondering if anyone could help me please.
I want to use PowerShell to do a silent install of NxLog, I have tried different ways of using MSIEXEC in powershell and command line but I just can't seem to get it working.
Any advice would be great.
Thanks.
IanMcShane created
MSWinEventLog
cidvicious created
Sorry I am new to this. Where in the config file do you set it to pull from MSWinEventLog?
Thanks in advance!
cidvicious created
Won't install on Windows 10 / service doesn't get installed?
wingows10guy created
We've had some clients where we install & deploy the MSI via group policy -- using the latest version 2.9.1347.
On Windows 10 -- it looks like the install succeeds (all the nx log files exist in Program Files (x86), etc.) -- but the service never gets installed. We don't see the nx log service anywhere in services.msc -- and don't see any logs saying that its install failed.
We've now seen this on multiple Windows 10 machines. Has anyone else -- and is there a workaround?
wingows10guy created
NXLog CE: function for logs transfer
Tuxizm created
Hello
I write input module for nxlog. I have wrote function to read data but I don't know how to tranfer data further. Which function should I call? nx_logdata_set_string?
Tuxizm created
im_odbc ConnectionString question
honigmann created
Hi,
my ODBC import won't work, checked everything but always this error occurs:
ERROR im_odbc couldn't connect to the database, IM014:1:0:[Microsoft][ODBC Driver Manager] The specified DSN contains an architecture mismatch between the Driver and Application
Config:
<Input ODBC>
Module im_odbc
ConnectionString DSN=S_ODBC;database=SophosSecurity;
SavePos TRUE
PollInterval 5
IdIsTimestamp FALSE
</Input>
best regards
honigmann created
Possible to read log file with new logs added to top of file?
RVZ created
I'm using NXLog to read log files and send to to Logstash. Normally this works fine, but I'm now trying to send logs from a file, where the new events gets added at the top of the file, not the bottom. Now it's not sending anything.
This is from my NXLog config.
<Input file>
Module im_file
File "C:\\TEMP\\export.txt"
InputType LineBased
Exec $Message = $raw_event;
SavePos TRUE
ReadFromLast TRUE
Exec if $raw_event =~ /^#/ drop();
Is it possible to read from bottom to top?
RVZ created
Performance statistics/measurements of nxLog on Windows
J_Grieb created
Are there any numbers about how nxLog performs when it is processing a high rate of messages being placed into a log file?
Right now we have a couple of incidents which resulted in a few thousand messages being logged per second.
I assume this is more than nxLog can handle but am wondering about any performance testing that has been run
J_Grieb created
where to find im_dbi?
honigmann created
Hi,
I need to use im_dbi import module of nxlog.
This module isn't part of actual setup, so where can I get it?
regards
Christian
honigmann created
nxlog.rpm installation error
super17 created
Hi all,
after installd nxlog-ce-2.9.1347-1_rhe6.x86_64.rpm on Red Hat I tried to start the service "/etc/init.d/nxlog start" and I'm get the following error:
" Starting nxlog deamon...
/usr/bin/nxlog: symbol lookup error: /usr/bin/nxlog: undefiend symbol: apr_pool_create_unmanaged_ex "
Does anyone have an idea?
super17 created
Centralizing logs
tiago_nascimento created
Hello, I'm having trouble centralize logs because my storage system performs poorly.
I have several nxlog-ce agents sending logs with om_tcp module and server I have a nxlog-ce recording these logs with the module om_file in a shared directory on my NAS.
What recommendation for improving the performance of my solution as a whole? Use another distributed file system? Using an unstructured database? Exsitem more options?
Obs .: I need to be able to retrieve the log in its original format, I need to be fault-tolerant and I need to have high write performance.
tiago_nascimento created
Remove duplicates in text file
RVZ created
I'm using NXLog to read a log file and send it to Logstash. This works fine, but some of the log lines are duplicates. They're in separate lines, but the content is exactly the same. I can't change the way the logs are written to the log file, so the only way is to fix it either with NXLog before it gets send, or in Logstash when it arrives, which I prefer not to do.
I see NXLog does have a function for this, but it's not working for me. I've tried this in my config file.
<Processor norepeat>
Module pm_norepeat
</Processor>
<Route 1>
Path in => norepeat => out
</Route>
This is abviously not working for me, am I maybe missing something here?
RVZ created
ERROR unexpected data from server (64 bytes)
Tuxizm created
So i have configured nxlog with https to talk with logstash.
I got an error on nxlog side " ERROR unexpected data from server (64 bytes)"
I looked it up and it looks like nxlog got https://github.com/lamby/pkg-nxlog-ce/blob/master/src/modules/output/http/om_http.c#L6462
So i did check up the http input on logstash side , but i have not understand it
https://github.com/logstash-plugins/logstash-input-http#L118
Looks like logstash should send respond code, but i dont see it. Remember i dont have ruby skills.
Can someone explain to me what might be wrong here ? Or how to fix this issue ?
Tuxizm created
NXLog Parsing XML
Jakauppila created
I've seen some posts from about a year ago that NXLog is unable to parse attributes using xm_xml, I just wanted to check if this is still true?
I am running NXLog as a service on Windows machines and want to be able to parse the following message, is it possible?
<log4j:event logger="com.sentry.test.LogContextListener" timestamp="1437661699866" level="TRACE" thread="localhost-startStop-1"> <log4j:message><![CDATA[This is a trace message about how we should use C#]]></log4j:message> </log4j:event>
Jakauppila created