- AIX audit
The im_aixaudit module natively collects logs generated by the AIX Audit system, without depending on
auditstreamor any other process.Example 189. Collecting AIX audit logs
This example reads AIX logs from the
- Custom programs
The im_exec module allows log data to be collected from custom external programs.Example 190. Using an external command
This example uses the
tailcommand to read from a file.Note
The im_file module should be used to read log messages from files. This example only demonstrates the use of the im_exec module.
1 2 3 4 5 6
<Input exec> Module im_exec Command /usr/bin/tail Arg -f Arg /var/adm/ras/errlog </Input>
- DNS monitoring
DNS logs can be collected from the Bind DNS server, see the BIND 9 section in the NXLog User Guide.
- File Integrity Monitoring
Example 191. Monitoring file integrity
This example monitors files in the
/srvdirectories, generating events when files are modified or deleted. Files ending in
.bakare excluded from the watch list.
1 2 3 4 5 6 7 8 9
<Input fim> Module im_fim File "/etc/*" File "/srv/*" Exclude "*.bak" Digest sha1 ScanInterval 3600 Recursive TRUE </Input>
- Local syslog
Messages written to
/dev/logcan be collected with the im_uds module. Events written to file in Syslog format can be collected with im_file. In both cases, the xm_syslog module can be used to parse the events. See Collecting and Parsing Syslog for more information.Example 192. Reading syslog messages from file
- Log files
The im_file module can be used to collect events from log files.Example 193. Reading from log files
This configuration reads messages from the
/opt/test/input.logfile. No parsing is performed; each line is available in the
- Process Accounting
The im_acct module can be used to gather details about which owner (user and group) runs what processes.Example 194. Reading Process Accounting logs
This configuration turns on process accounting (using
/tmp/nxlog.acctas the log file) and watches for messages.