NXLog User Guide
- 23. Configuration overview
- 24. NXLog language
- 25. Reading and receiving logs
- 26. Processing logs
- 27. Forwarding and Storing Logs
- 28. Centralized Log Collection
- 29. NXLog failover mode
- 30. High Availability (HA)
- 31. Encrypted transfer
- 32. Reducing bandwidth and data size
- 33. Reliable message delivery
- 34. Compression and Encryption
- OS Support
- Enterprise Edition Reference Manual
- NXLog Manager
- NXLog Add-Ons
This chapter discusses log sources that you may need to use with NXLog, including:
This section provides information and examples about receiving log messages from the network over various protocols.
The im_udp module handles incoming messages over UDP.Example 59. Using the im_udp module
This input module instance shows the im_udp module configured with the default options: localhost only and port 514.Note
The UDP protocol does not guarantee reliable message delivery. It is recommended to use the TCP or SSL transport modules instead if message loss is a concern.
Though NXLog was designed to minimize message loss even in the case of UDP, adjusting the kernel buffers may reduce the likelihood of UDP message loss on a system under heavy load. The Priority directive in the Route block can also help.
To receive Syslog over the network, use one of the network modules above, coupled with xm_syslog. Syslog parsing is not required if you only need to forward or store the messages as they are. See also Accepting Syslog via UDP, TCP, or TLS.Example 62. Receiving syslog over TCP with octet-framing
With this example configuration, NXLog listens for messages on TCP port 1514. The xm_syslog extension module provides the Syslog_TLS InputType (for octet-framing) and the parse_syslog() procedure for parsing Syslog messages.
With the im_dbi and im_odbc modules it is possible to read logs directly from database servers. The im_dbi module can be used on POSIX systems where libdbi is available. The im_odbc module, available in NXLog Enterprise Edition, can be used with ODBC compatible databases on Windows, Linux, and Unix.
This example uses libdbi and the MySQL driver to read records from
- Unix domain socket
Example 66. Using the im_uds module
With this configuration, NXLog will read messages from the
/dev/logsocket. NXLog’s flow control feature must be disabled in this case (see the FlowControl directive in the Reference Manual).
The im_exec module can be used to read logs from external programs and scripts over a pipe.
This example uses the
tail command to read messages from a file.
|The im_file module should be used to read log messages from files. This example only demonstrates the use of the im_exec module.|