Is there a command or switch to prevent nxlog from deleting log files that have already been consumed and forward to their destination?
I am want to forward the Exchange 2013 Message Tracking logs to a Graylog Server but need to leave the tracking logs in place.
Thanks,
Dan
Comments (2)
Well, I cannot find the switches in the documentation that allow control of deleting.
I used a simple configuration and after consuming the first log, nxlog wrote into its log file, that it was deleting log files. I did not place any explicit command allowing nxlog to delete logs file. This is my initial conf file in my test environment:
## Initial configuration ##
define ROOT C:\\Program Files\\nxlog
Moduledir %ROOT%\\modules
CacheDir %ROOT%\\data
Pidfile %ROOT%\\data\\nxlog.pid
SpoolDir %ROOT%\\data
LogFile %ROOT%\\data\\nxlog.log
Module xm_gelf
Module im_file
##File "D:\\Logs\\x11\\\\*.LOG"
File "\\\exsvr1\\logs\\\\*.LOG"
##SavePos TRUE
Module om_tcp
Host syslog-02.mydomain.com
Port 5514
OutputType GELF_TCP
Path in_exsvr1 => out_graylog
There is no explicit allow for delete, yet this nxlog wrote the following entries in its log:
2015-09-15 15:43:28 INFO connecting to syslog-02.mydomain.com:5514
2015-09-15 15:43:28 INFO nxlog-ce-2.9.1347 started
2015-09-15 16:00:01 WARNING input file was deleted: \\exsvr1\logs\\MSGTRKMD2015090708-2.LOG
2015-09-15 16:00:01 WARNING input file was deleted: \\exsvr1\logs\\MSGTRK2015090321-1.LOG
2015-09-15 16:00:02 WARNING input file was deleted: \\exsvr1\logs\\MSGTRKMS2015081614-1.LOG
2015-09-15 16:00:02 WARNING input file was deleted: \\exsvr1\logs\\MSGTRK2015090323-1.LOG
2015-09-15 16:00:02 WARNING input file was deleted: \\exsvr1\logs\\MSGTRK2015090400-1.LOG
2015-09-15 16:00:02 WARNING input file was deleted: \\exsvr1\logs\\MSGTRKMD2015090709-1.LOG
2015-09-15 16:00:03 WARNING input file was deleted: \\exsvr1\logs\\MSGTRK2015090322-1.LOG
2015-09-15 16:00:05 WARNING input file was deleted: \\exsvr1\logs\\MSGTRK2015090401-1.LOG
2015-09-15 16:08:14 WARNING stopping nxlog service
2015-09-15 16:08:14 WARNING nxlog-ce received a termination request signal, exiting...
The data was sent into our graylog server in GELF format, and I can confirm that nxlog did delete the listed log files.
So, where can I find the control switch(es) in the documentation to explicit allow or forbid deleting of log files.
Thanks for the help.
Dan
"WARNING input file was deleted" refers to the fact that it detects that the file was deleted but NXLog (im_file) does not delete files. You probably have log rotation set up for your exchange message tracking logs, please check your exchange configuration for that.