26. Processing Logs
This chapter deals with various tasks that might be required after a log message is received by NXLog.
- Parsing Various Formats – Reading fields from several common log formats
- Alerting – Generating alerts when specific conditions are met
- Using Buffers – Using disk- and memory-based buffering in NXLog
- Character Set Conversion – Converting between character sets during processing
- Detecting a Dead Agent or Log Source – Generating alerts when a remote agent or log source stops sending logs
- Event Correlation – Using a dedicated module for detecting conditions based on a sliding window
- Extracting data – Implementing parsing using module procedures or regular expressions
- Filtering Messages – Discarding events based on specified conditions
- Format Conversion – Configuring conversion between input and output formats
- Log Rotation and Retention – Setting up policies for automatically retaining and discarding past log data
- Message Classification – Matching and tagging events
- Parsing Multi-Line Messages – Joining and parsing messages that span multiple lines
- Rate Limiting and Traffic Shaping – Reducing the speed at which messages are read from a log source
- Rewriting and Modifying Messages – Making changes to log messages during processing
- Timestamps – Working with timestamp strings and datetime values