NXLog User Guide
The im_dbi module allows NXLog to pull log data from external databases. This module utilizes the libdbi database abstraction library, which supports various database engines such as MySQL, PostgreSQL, Oracle, SQLite, and Firebird. A SELECT statement can be specified, which will be executed periodically to check for new records.
To examine the supported platforms, see the list of installer packages in the Available Modules chapter.
The im_dbi and om_dbi modules support GNU/Linux only because of the libdbi library. The im_odbc and om_odbc modules provide native database access on Windows.
libdbi needs drivers to access the database engines. These are in the libdbd-* packages on Debian and Ubuntu. CentOS 5.6 has a libdbi-drivers RPM package, but this package does not contain any driver binaries under /usr/lib64/dbd. The drivers for both MySQL and PostgreSQL are in libdbi-dbd-mysql. If these are not installed, NXLog will return a libdbi driver initialization error.
The im_dbi module accepts the following directives in addition to the common module directives.
This mandatory directive specifies the name of the libdbi driver which will be used to connect to the database. A DRIVER name must be provided here for which a loadable driver module exists under the name
/usr/lib/dbd/). The MySQL driver is in the
This directive should specify the SELECT statement to be executed every PollInterval seconds. The module automatically appends a WHERE id > ? LIMIT 10 clause to the statement. The result set returned by the SELECT statement must contain an id column which is then stored and used for the next query.
This directive can be used to specify additional driver options such as connection parameters. The manual of the libdbi driver should contain the options available for use here.
This directive specifies how frequently the module will check for new records, in seconds. If this directive is not specified, the default is 1 second. Fractional seconds may be specified (PollInterval 0.5 will check twice every second).
If this boolean directive is set to TRUE, the position will be saved when NXLog exits. The position will be read from the cache file upon startup. The default is TRUE: the position will be saved if this directive is not specified. Even if SavePos is enabled, it can be explicitly turned off with the global NoCache directive.
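The following added example models the polling behaviour the SQL and SavePos directives describe; it is not NXLog's code. It assumes Python's sqlite3 as a stand-in for a libdbi-backed database, a constructed log table, and hypothetical helper names (poll, drain, make_db). The model appends the clause verbatim, so it also shows two failure cases: a result set without an id column, and a statement that already carries its own WHERE clause.

```python
import sqlite3

SUFFIX = " WHERE id > ? LIMIT 10"  # clause the page says im_dbi appends


def poll(conn, statement, last_id):
    """Run one poll cycle; return (rows, new position)."""
    cur = conn.execute(statement + SUFFIX, (last_id,))
    cols = [d[0] for d in cur.description]
    if "id" not in cols:
        raise ValueError("result set has no id column to track the position")
    rows = [dict(zip(cols, r)) for r in cur.fetchall()]
    if rows:
        last_id = max(r["id"] for r in rows)  # stored for the next query
    return rows, last_id


def make_db(n):
    """Constructed sample table standing in for the 'log' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE log (id INTEGER PRIMARY KEY, hostname TEXT, message TEXT)")
    conn.executemany(
        "INSERT INTO log (hostname, message) VALUES (?, ?)",
        [("host%d" % (i % 3), "event %d" % i) for i in range(1, n + 1)])
    return conn


def drain(conn, statement, last_id=0):
    """Poll until no new rows arrive; return batch sizes and final position."""
    sizes = []
    while True:
        rows, last_id = poll(conn, statement, last_id)
        if not rows:
            return sizes, last_id
        sizes.append(len(rows))


if __name__ == "__main__":
    conn = make_db(25)
    print(drain(conn, "SELECT id, hostname, message FROM log"))
    # A statement with its own WHERE clause breaks once the suffix is appended.
    try:
        poll(conn, "SELECT id, message FROM log WHERE hostname = 'host1'", 0)
    except sqlite3.OperationalError as exc:
        print("rejected:", exc)
```

Passing the returned position back into poll after new rows are inserted resumes where the previous run stopped, which is what a saved position provides across restarts.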
When the im_dbi module reads an entry from a database, it creates and
populates the following fields which are then recorded to
Timestamp when the event was created.
IP address or hostname the event originates from.
Severity level of the event.
Key-value pair in the
The following core fields are also created and populated by NXLog:
The time when the event is received. The value is not modified if the field already exists.
The name of the module instance, for input modules. The value is not modified if the field already exists.
The type of module instance (such as im_file), for input modules. The value is not modified if the field already exists.
This example uses libdbi and the MySQL driver to connect to the logdb database on the local host and execute the provided statement.
```
<Input dbi>
    Module  im_dbi
    Driver  mysql
    Option  host 127.0.0.1
    Option  username mysql
    Option  password mysql
    Option  dbname logdb
    SQL     SELECT id, facility, severity, hostname, \
                   timestamp, application, message \
            FROM log
</Input>

<Output file>
    Module  om_file
    File    "tmp/output"
</Output>

<Route dbi_to_file>
    Path    dbi => file
</Route>
```