NXLog User Guide
- Introduction
- Deployment
- Configuration
- OS Support
- Integration
- Troubleshooting
- Enterprise Edition Reference Manual
- 146. Man Pages
- 147. Configuration
- 148. Language
- 149. Extension Modules
- 150. Input Modules
- 150.1. Process accounting (im_acct)
- 150.2. AIX auditing (im_aixaudit)
- 150.3. Azure (im_azure)
- 150.4. Batched compression (im_batchcompress)
- 150.5. Basic Security Module Auditing (im_bsm)
- 150.6. Check Point OPSEC LEA (im_checkpoint)
- 150.7. DBI (im_dbi)
- 150.8. Event Tracing for Windows (im_etw)
- 150.9. External programs (im_exec)
- 150.10. File (im_file)
- 150.11. File integrity monitoring (im_fim)
- 150.12. Go (im_go)
- 150.13. HTTP(s) (im_http)
- 150.14. Internal (im_internal)
- 150.15. Java (im_java)
- 150.16. Kafka (im_kafka)
- 150.17. Kernel (im_kernel)
- 150.18. Linux Audit System (im_linuxaudit)
- 150.19. macOS Endpoint Security (im_maces)
- 150.20. macOS ULS (im_maculs)
- 150.21. Mark (im_mark)
- 150.22. Event Logging for Windows XP/2000/2003 (im_mseventlog)
- 150.23. Event log for Windows 2008/Vista and later (im_msvistalog)
- 150.24. Null (im_null)
- 150.25. ODBC (im_odbc)
- 150.26. Packet capture (im_pcap)
- 150.27. Perl (im_perl)
- 150.28. Named pipes (im_pipe)
- 150.29. Python (im_python)
- 150.30. Redis (im_redis)
- 150.31. Windows Registry Monitoring (im_regmon)
- 150.32. Ruby (im_ruby)
- 150.33. TLS/SSL (im_ssl)
- 150.34. Systemd (im_systemd)
- 150.35. TCP (im_tcp)
- 150.36. Test Generator (im_testgen)
- 150.37. UDP (im_udp)
- 150.38. Unix domain sockets (im_uds)
- 150.39. Windows Performance Counters (im_winperfcount)
- 150.40. Windows Event Collector (im_wseventing)
- 150.41. ZeroMQ (im_zmq)
- 151. Processor Modules
- 152. Output Modules
- NXLog Manager
- NXLog Add-Ons
150.21. Mark (im_mark)
Mark messages are used to indicate periodic activity to assure that the logger is running when there are no log messages coming in from other sources.
|
Note
|
To examine the supported platforms, see the list of installer packages in the Available Modules chapter. |
By default, if no module-specific directives are set, a log message
will be generated every 30 minutes containing -- MARK --.
|
Note
|
The $raw_event field is not generated in Syslog format. If mark messages are required in Syslog format, they must be explicitly converted with the to_syslog_bsd() procedure. |
|
Note
|
The functionality of the im_mark module can be also achieved using the Schedule block with a log_info("--MARK--") Exec statement, which would insert the messages via the im_internal module into a route. Using a single module for this task can simplify configuration. |
150.21.1. Configuration
The im_mark module accepts the following directives in addition to the common module directives.
- Mark
-
This optional directive sets the string for the mark message. The default is
-- MARK --.
- MarkInterval
-
This optional directive sets the interval for mark messages, in minutes. The default is 30 minutes.
150.21.2. Fields
The following fields are used by im_mark.
$raw_event(type: string)-
A list of event fields in key-value pairs.
$EventTime(type: datetime)-
The current time.
$Message(type: string)-
The same value as $raw_event.
$ProcessID(type: integer)-
The process ID of the NXLog process.
$Severity(type: string)-
The severity name:
INFO.
$SeverityValue(type: integer)-
The INFO severity level value:
2.
$SourceName(type: string)-
Set to
nxlog.
150.21.3. Examples
Here, NXLog will write the specified string to file every minute.
![[Download file]](images/icons/download_icon.png "Download file"){kind=icon}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<Input mark>
Module im_mark
MarkInterval 1
Mark -=| MARK |=-
</Input>
<Output file>
Module om_file
File "tmp/output"
</Output>
<Route mark_to_file>
Path mark => file
</Route>