2
responses

Hi,

I am implementing configuration for nxlog to read from a file and write to UDP socket. I am also implementing to check if nxlog failed to forward log messages, then it should write in its log. For this case, I am using buffer and checking buffer count to log the message. I checked it by unplugging the network cable and it is not working. Please review following code.

<Extension _syslog>

    Module      xm_syslog
</Extension>

<Extension _exec>
    Module    xm_exec
</Extension>

<Processor buffer_Check>
    Module pm_buffer
    MaxSize 2048
    Type Mem
    Exec log_info("In Buffer" + buffer_count());
    Exec if buffer_count() > 2 \
        {\
        log_info("Route Failover");\
        }\
</Processor>

<Input in_WebAdmin>
    # Exec     log_info("Reading File");
    Module    im_file
    SavePos    TRUE
    PollInterval 0.5
    File 'C:\\ProgramData\\Cisco\\CUACA\\Server\\Logging\\WAD\\AACM_*.log'
</Input>

<Output out_WebAdmin>
    Module om_udp
    Host 10.110.22.6
    Port 514
    Exec to_syslog_ietf();
</Output>

<Route route_CTServer>
    Path in_WebAdmin => buffer_Check => out_WebAdmin
</Route>

 

In above configuration, it should log the message "Route Failover" in case nxlog is not forwarding log messages and nxlog is storing log messages in buffer. Please review it and let me know the solution as soon as possible.

 

Thanks,

Mazhar Nazeer

AskedFebruary 16, 2016 - 1:52pm

Answer (1)

UDP is not reliable. Even if you pull the cable it's likely that it won't be detected by the OS (e.g. as unroutable address) and your data will silently disappear. As such flow-control will not cause data to be buffered.

Comments (1)

  • mazharnazeer's picture

    Thanks for the response.

    I have used tcp socket for communication and it is working with buffer. Actually I am using buffer count to detect failover such that if nxlog failed to forward messages to syslog server. But it is not working like that. Because my application has lots of logging to send through nxlog and nxlog uses buffer when it receives lots of messages at same time. I know that there is log entry in nxlog's log file if it failed to connect to syslog server. But I want to configure it like if it fails to send log, it should send alert message to other application or I will configure it to execute another application.

    Please help me with that scenario.

    Thanks,

    Mazhar Nazeer