Forwarding logs to syslog.
pothesis created
Hi all.
I have some Windows servers that are subscribed to an NXLog server, which in turn sends the Windows logs to a Linux/syslog server.
The syslog server receives all these logs as NOTICE.USER, which is not too practical.
I would want NXLog to keep the criticality of the messages when forwarding them. I would want NXLog to prefix the logs with the original log sender hostname so that they appear as $PROGRAM in syslog.
Also, is there a way to use some criteria to send logs from NXLog to syslog using different facilities (USER, MAIL, LOCALn, ...) according to some criteria (real PROGRAM value for instance)?
NXLog to read the contents of several files in a directory and send them to a Syslog Watcher server
ChristopheC13 created
Hello NXLog users,
I'm new to NXLog and I'm looking to send the contents of files (*.log) located in a single directory to a Syslog Watcher server (snmpsoft).
A trace can be on one or multiple lines, but each new trace starts with the time.
Here is an example of a trace on one line (columns => time type severity thread file function content):
17:13:00.000 APP__ WARNING 1aa20b54100 <capp.cpp:56> [[CApp::ExistInDirectory]] File 'tool.exe' not found in C:/prog
Here is an example of multiple traces, one of them on multiple lines (columns => time type severity thread file function content):
10:57:25.924 SQL__ ERROR__ 20d962b1270 <csqlquery.cpp:292> [[CSqlQuery::ErrQuery]] [cnx2238] [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Violation de la contrainte PRIMARY KEY « PK__T__3214EC27053CB3F2 ». Impossible d'insérer une clé en double dans l'objet « B.T ». Valeur de clé dupliquée : (44422). [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]L'instruction a été arrêtée. QODBC3: Impossible d'exécuter l'instruction
Source query *
..
Query with values *
...
10:57:25.926 APP__ ERROR__ 20d962b1270 <chistosystemautomate.cpp:67> [[CHistoSystemAutomate::MsgReceivedSystem]] {
"code": 500004,
"details": "",
"message": "Impossible d'exécuter la requête SQL."
}
The nxlog.conf that I tried to write:

Panic Soft
#NoFreeOnExit TRUE
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %ROOT%\data\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input messages>
    Module im_file
    # Single quotes keep the backslashes in the Windows path literal.
    File 'C:\Users\toto\Documents\nxlog*.log'
    Exec $Message = $raw_event;
</Input>

<Output tcp>
    Module om_tcp
    Host 0.0.0.0
    Port 514
    Exec to_syslog_bsd();
</Output>

<Output udp>
    Module om_udp
    Host 0.0.0.0
    Port 514
    Exec to_syslog_bsd();
</Output>

<Route messages_to_tcp>
    Path messages => tcp
</Route>

<Route messages_to_udp>
    Path messages => udp
</Route>
Can you help me to write the conf file?
A big thank you in advance
Christophe
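One way to handle the trace format described in the post above, as an added example that is not part of the original post and not NXLog's own configuration: group lines into records with xm_multiline, then set the syslog severity, facility and tag before `to_syslog_bsd()`, which otherwise falls back to user/notice. The destination address `SYSLOG_HOST`, the field name `$TraceSeverity`, the severity mapping and the local0 facility are assumptions.

```conf
# Added example. SYSLOG_HOST (a documentation address), the severity
# mapping and the facility choice are assumptions, not from the post.
define SYSLOG_HOST 192.0.2.10

<Extension _syslog>
    Module      xm_syslog
</Extension>

# A record starts at each line beginning with HH:MM:SS.mmm; the lines
# that follow (JSON bodies, query dumps) are appended to that record.
<Extension trace_multiline>
    Module      xm_multiline
    HeaderLine  /^\d{2}:\d{2}:\d{2}\.\d{3} /
</Extension>

<Input messages>
    Module      im_file
    # Single quotes keep the backslashes literal (no \t or \n escapes).
    File        'C:\Users\toto\Documents\nxlog*.log'
    InputType   trace_multiline
    <Exec>
        # Columns: time type severity thread file function content.
        # Type and severity are padded with "_" (APP__, ERROR__).
        if $raw_event =~ /^\S+ ([A-Za-z]+)_* ([A-Za-z]+)_* /
        {
            # $SourceName becomes the syslog tag (PROGRAM).
            $SourceName = $1;
            # Hypothetical helper field holding the trace severity.
            $TraceSeverity = $2;
            # 3 = error, 4 = warning, 6 = info (assumed default).
            if $TraceSeverity == "ERROR" $SyslogSeverityValue = 3;
            else if $TraceSeverity == "WARNING" $SyslogSeverityValue = 4;
            else $SyslogSeverityValue = 6;
            # 16 = local0 (assumed choice of facility).
            $SyslogFacilityValue = 16;
        }
        # Keep one record per datagram: flatten embedded line breaks.
        $Message = replace($raw_event, "\r\n", " ");
        $Message = replace($Message, "\n", " ");
    </Exec>
</Input>

<Output udp>
    Module      om_udp
    Host        %SYSLOG_HOST%
    Port        514
    Exec        to_syslog_bsd();
</Output>
```

A `<Route>` with `Path messages => udp`, as in the posted configuration, connects the two; xm_multiline holds the last record of a file until the next header line arrives.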