NXLog User Guide
- Introduction
- Deployment
- Configuration
- OS Support
- Integration
- Troubleshooting
- Enterprise Edition Reference Manual
- 143. Man Pages
- 144. Configuration
- 145. Language
- 146. Extension Modules
- 146.1. Remote Management (xm_admin)
- 146.2. AIX Auditing (xm_aixaudit)
- 146.3. Apple System Logs (xm_asl)
- 146.4. Basic Security Module Auditing (xm_bsm)
- 146.5. Common Event Format (xm_cef)
- 146.6. Character set conversion (xm_charconv)
- 146.7. Encryption (xm_crypto)
- 146.8. Delimiter-Separated Values (xm_csv)
- 146.9. External programs (xm_exec)
- 146.10. File lists (xm_filelist)
- 146.11. File operations (xm_fileop)
- 146.12. GELF (xm_gelf)
- 146.13. Go (xm_go)
- 146.14. Grok (xm_grok)
- 146.15. Java (xm_java)
- 146.16. JSON (xm_json)
- 146.17. Key-value pairs (xm_kvp)
- 146.18. LEEF (xm_leef)
- 146.19. Microsoft DNS Server (xm_msdns)
- 146.20. Multiline parser (xm_multiline)
- 146.21. NetFlow (xm_netflow)
- 146.22. Microsoft Network Policy Server (xm_nps)
- 146.23. Pattern matcher (xm_pattern)
- 146.24. Perl (xm_perl)
- 146.25. Python (xm_python)
- 146.26. Resolver (xm_resolver)
- 146.27. Rewrite (xm_rewrite)
- 146.28. Ruby (xm_ruby)
- 146.29. SNMP traps (xm_snmp)
- 146.30. Remote Management (xm_soapadmin)
- 146.31. Syslog (xm_syslog)
- 146.32. W3C (xm_w3c)
- 146.33. WTMP (xm_wtmp)
- 146.34. XML (xm_xml)
- 146.35. Compression (xm_zlib)
- 147. Input Modules
- 148. Processor Modules
- 149. Output Modules
- NXLog Manager
- NXLog Add-Ons
146.28. Ruby (xm_ruby)
This module provides support for processing NXLog log data with methods written in the Ruby language. Ruby methods can be defined in a script and then called from the Exec directive of any module that will use Ruby for log processing. See the example below. See also the im_ruby and om_ruby modules.
|
Note
|
To examine the supported platforms, see the list of installer packages in the Available Modules chapter. |
The Nxlog module provides the following classes and methods.
- Nxlog.log_info(msg)
-
Send the message msg to the internal logger at DEBUG log level. This method does the same as the core log_debug() procedure.
- Nxlog.log_debug(msg)
-
Send the message msg to the internal logger at INFO log level. This method does the same as the core log_info() procedure.
- Nxlog.log_warning(msg)
-
Send the message msg to the internal logger at WARNING log level. This method does the same as the core log_warning() procedure.
- Nxlog.log_error(msg)
-
Send the message msg to the internal logger at ERROR log level. This method does the same as the core log_error() procedure.
- class Nxlog.LogData
-
This class represents an event.
- field_names()
-
This method returns an array with the names of all the fields currently in the event record.
- get_field(name)
-
This method returns the value of the field name in the event.
- set_field(name, value)
-
This method sets the value of field name to value.
146.28.1. Configuration
The xm_ruby module accepts the following directives in addition to the common module directives.
- RubyCode
-
This mandatory directive expects a file containing valid Ruby code. Methods defined in this file can be called with the ruby_call() procedure.
146.28.2. Procedures
The following procedures are exported by xm_ruby.
call(string subroutine);-
Calls the Ruby method provided in the first argument.
ruby_call(string subroutine);-
Calls the Ruby method provided in the first argument.
146.28.3. Examples
In this example logs are parsed as Syslog, then the data is passed to
a Ruby method which adds an incrementing $AlertCounter field for any event
with a normalized $SeverityValue of at least
4.
![[Download file]](images/icons/download_icon.png "Download file"){kind=icon}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<Extension _syslog>
Module xm_syslog
</Extension>
<Extension ruby>
Module xm_ruby
RubyCode ./modules/extension/ruby/processlogs2.rb
</Extension>
<Input in>
Module im_file
File 'test2.log'
<Exec>
parse_syslog();
ruby->call('add_alert_counter');
</Exec>
</Input>
$counter = 0
def add_alert_counter(event)
if event.get_field('SeverityValue') >= 4
Nxlog.log_debug('Adding AlertCounter field')
$counter += 1
event.set_field('AlertCounter', $counter)
end
end