process log and rewrite output | Log collection solutions

#1 mark 8 years ago

Hello

I have created a regex expression to extract values from my logs, I have difficulties in writing these values in the nxlog output

The issue is that the output file is identical to the input log, not sure what I'm doing wrong here, any help is welcome

My nxlog.conf is as follow

<Input in>
Module im_file
File "C:\\tmp\example-log.txt"
SavePos TRUE
Recursive TRUE
InputType multiline
       exec if $raw_event =~ /(?:\{"([0-9]+?), ([0-9]+?), "(.+?)", "(.+?)", "(?:.+?)", "(.+?)\n(?:[a-zA-Z0-9:,"\n\r\s\f\t\-\{\}\.]+?)New\sLogon:\s*(?:.+?)\n\s*Account\sName:\s*(.+?)\n(?:[a-zA-Z0-9:,"\n\r\s\f\t\-\{\}\.]+?)Source\sNetwork\sAddress:\s*([0-9\.]{7,15})\n(?:[a-zA-Z0-9:,"\n\r\s\f\t\-\{\}\.]+?)"\})/ \
   { \
   $timestamp = $1; \
   $event = $2; \
   $status = $3; \
   $type = $4; \
   $short = $5; \
   $user = $6; \
   $source = $7; \
   }
</Input>

#<Output out>
# Module om_tcp
# Host 192.168.1.15
# Port 12201
# OutputType GELF_TCP
#</Output>

<Processor one>
Module pm_null
Exec $raw_event = $timestamp + $event + $status + $type + $short + $user + $source;
</Processor>

<Output out>
Module om_file
File 'C:\\tmp\output'
</Output>

Thanks heaps

Mark

Permalink

#2 adm Nxlog ✓ 8 years ago (Last updated 8 years ago )

#1 mark

Hello I have created a regex expression to extract values from my logs, I have difficulties in writing these values in the nxlog output The issue is that the output file is identical to the input log, not sure what I'm doing wrong here, any help is welcome My nxlog.conf is as follow <Input in> Module im_file File "C:\\tmp\example-log.txt" SavePos TRUE Recursive TRUE InputType multiline exec if $raw_event =~ /(?:\{"([0-9]+?), ([0-9]+?), "(.+?)", "(.+?)", "(?:.+?)", "(.+?)\n(?:[a-zA-Z0-9:,"\n\r\s\f\t\-\{\}\.]+?)New\sLogon:\s*(?:.+?)\n\s*Account\sName:\s*(.+?)\n(?:[a-zA-Z0-9:,"\n\r\s\f\t\-\{\}\.]+?)Source\sNetwork\sAddress:\s*([0-9\.]{7,15})\n(?:[a-zA-Z0-9:,"\n\r\s\f\t\-\{\}\.]+?)"\})/ \ { \ $timestamp = $1; \ $event = $2; \ $status = $3; \ $type = $4; \ $short = $5; \ $user = $6; \ $source = $7; \ } </Input> #<Output out> # Module om_tcp # Host 192.168.1.15 # Port 12201 # OutputType GELF_TCP #</Output> <Processor one> Module pm_null Exec $raw_event = $timestamp + $event + $status + $type + $short + $user + $source; </Processor> <Output out> Module om_file File 'C:\\tmp\output' </Output> <Route 1> Path in => one => out </Route> Thanks heaps Mark

I have difficulties in writing these values in the nxlog output

Please elaborate on this. Are you getting emtpy lines in the output, no output at all, errors in nxlog.log, etc?