NXLog User Guide
- Introduction
- Deployment
- Configuration
- OS Support
- Integration
- Troubleshooting
- Enterprise Edition Reference Manual
- 146. Man Pages
- 147. Configuration
- 148. Language
- 149. Extension Modules
- 149.1. Remote Management (xm_admin)
- 149.2. AIX Auditing (xm_aixaudit)
- 149.3. Apple System Logs (xm_asl)
- 149.4. Basic Security Module Auditing (xm_bsm)
- 149.5. Common Event Format (xm_cef)
- 149.6. Character set conversion (xm_charconv)
- 149.7. Encryption (xm_crypto)
- 149.8. Delimiter-Separated Values (xm_csv)
- 149.9. External programs (xm_exec)
- 149.10. File lists (xm_filelist)
- 149.11. File operations (xm_fileop)
- 149.12. GELF (xm_gelf)
- 149.13. Go (xm_go)
- 149.14. Grok (xm_grok)
- 149.15. Java (xm_java)
- 149.16. JSON (xm_json)
- 149.17. Key-value pairs (xm_kvp)
- 149.18. LEEF (xm_leef)
- 149.19. Microsoft DNS Server (xm_msdns)
- 149.20. Multiline parser (xm_multiline)
- 149.21. NetFlow (xm_netflow)
- 149.22. Microsoft Network Policy Server (xm_nps)
- 149.23. Pattern matcher (xm_pattern)
- 149.24. Perl (xm_perl)
- 149.25. Python (xm_python)
- 149.26. Resolver (xm_resolver)
- 149.27. Rewrite (xm_rewrite)
- 149.28. Ruby (xm_ruby)
- 149.29. SNMP traps (xm_snmp)
- 149.30. Remote Management (xm_soapadmin)
- 149.31. Syslog (xm_syslog)
- 149.32. W3C (xm_w3c)
- 149.33. WTMP (xm_wtmp)
- 149.34. XML (xm_xml)
- 149.35. Compression (xm_zlib)
- 150. Input Modules
- 151. Processor Modules
- 152. Output Modules
- NXLog Manager
- NXLog Add-Ons
149.9. External programs (xm_exec)
This module provides two procedures to enable execution of external scripts or programs. These procedures are provided through this extension module in order to minimize the size of the NXLog core. Additionally, if this module is not loaded arbitrary scripts cannot be executed from NXLog.
|
Note
|
To examine the supported platforms, see the list of installer packages in the Available Modules chapter. |
|
Note
|
The im_exec and om_exec modules also provide support for running external programs, though the purpose of these is to pipe data to and read data from programs. The procedures provided by the xm_exec module do not pipe log message data but are intended for multiple invocations. Data can still be passed to the executed script/program as command line arguments. |
149.9.1. Configuration
The xm_exec module accepts only the common module directives.
149.9.2. Functions
The following functions are exported by xm_exec.
- string
exec(string command, varargs args) -
Execute command, passing it the supplied arguments, and wait for it to terminate. The command is executed in the caller module’s context. Returns a string from stdout. Note that the module calling this function will block for at most 10 seconds or until the process terminates. Use the exec_async() procedure to avoid this problem. All output written to standard error by the spawned process is discarded.
149.9.3. Procedures
The following procedures are exported by xm_exec.
exec(string command, varargs args);-
Execute command, passing it the supplied arguments, and wait for it to terminate. The command is executed in the caller module’s context. Note that the module calling this procedure will block until the process terminates. Use the exec_async() procedure to avoid this problem. All output written to standard output and standard error by the spawned process is discarded.
149.9.4. Examples
This xm_exec module instance will run the command every second without waiting for it to terminate.
![[Download file]](images/icons/download_icon.png "Download file"){kind=icon}
1
2
3
4
5
6
7
<Extension exec>
Module xm_exec
<Schedule>
Every 1 sec
Exec exec_async("/bin/true");
</Schedule>
</Extension>
If the $raw_event field matches the regular expression, an email
will be sent.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<Extension exec>
Module xm_exec
</Extension>
<Input tcp>
Module im_tcp
ListenAddr 0.0.0.0:1514
<Exec>
if $raw_event =~ /alertcondition/
{
exec_async("/bin/sh", "-c", 'echo "' + $Hostname +
'\n\nRawEvent:\n' + $raw_event +
'"|/usr/bin/mail -a "Content-Type: text/plain; charset=UTF-8" -s "ALERT" ' +
'user@domain.com');
}
</Exec>
</Input>
<Output file>
Module om_file
File "/var/log/messages"
</Output>
<Route tcp_to_file>
Path tcp => file
</Route>
For another example, see File rotation based on size.