watching a log file on my system and sending it to Loggly

#1 lornemartin

Hi,

  I am totally new to nxlog and trying to set up a config file to watch a file on my local hard drive and send it to Loggly whenever it changes.  My conf file is below.  I copied this file from the Loggly documentation and tried modifying it as per their instructions, so there may be some unnecessary lines in it. The file I want to watch and send is in the C:\\Program Files\\Autodesk\\Vault Professional 2016\\Explorer\\ folder.  The file name is JobProcessor.log.  When I uncomment the "#Exec file_write("C:\\Program Files\\Autodesk\\Vault Professional 2016\\Explorer\\JobProcessor.log",  $raw_event);" line, it does send it out so I know the connection is working.  But I have not been able to 'trigger' the file to process whenever there is a change to it.  Any advice is appreciated.  Thanks.

 

#define ROOT_STRING C:\\Program Files\\nxlog
define ROOT C:\\Program Files (x86)\\nxlog
define ROOT_STRING C:\\Program Files (x86)\\nxlog
define CERTDIR %ROOT%\\cert
 
Moduledir %ROOT%\\modules
CacheDir %ROOT%\\data
Pidfile %ROOT%\\data\\nxlog.pid
SpoolDir %ROOT%\\data
LogFile %ROOT%\\data\\nxlog.log
 
# Include fileop while debugging, also enable in the output module below
<Extension fileop>
    Module      xm_fileop
</Extension>
 
<Extension json>
    Module      xm_json
</Extension>
 
<Extension syslog>
    Module xm_syslog
</Extension>
 
<Input internal>
    Module im_internal
    Exec  $Message = to_json(); 
</Input>

##Module to watch a file
<Input file_watch_1>
    Module im_file
    File "C:\\Program Files\\Autodesk\\Vault Professional 2016\\Explorer\\"
    Exec   $SourceName = 'JobProcessor.log'; 
    SavePos TRUE

    ##include the message and add meta data
    Exec $Message = $raw_event;
    Exec to_syslog_ietf();
</Input>
 
<Output out>
    Module om_tcp
    Host logs-01.loggly.com
    Port 514
 
    Exec to_syslog_ietf();
    Exec $raw_event;

#Use the following line for debugging (uncomment the fileop extension above as well)
    #Exec file_write("C:\\Program Files\\Autodesk\\Vault Professional 2016\\Explorer\\JobProcessor.log",  $raw_event);
</Output>
 
<Route 1>
    #Path internal, eventlog => out
    Path    in => out
</Route>

#2 b0ti Nxlog ✓
File "C:\\Program Files\\Autodesk\\Vault Professional 2016\\Explorer\\"

You probably want this instead of the above:

File "C:\\Program Files\\Autodesk\\Vault Professional 2016\\Explorer\\JobProcessor.log"

It's not a good idea to write data into the same file you are reading from as this might cause unpleasant surprises:

#Exec file_write("C:\\Program Files\\Autodesk\\Vault Professional 2016\\Explorer\\JobProcessor.log",  $raw_event);
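
The module blocks from the question with both points of the reply applied, as an added example that is not part of either post. Assumptions made here and not taken from the thread: the Route names the input instance file_watch_1 (the posted Route refers to an instance called "in" that the config never defines), and the debug copy goes to a separate om_file output whose path C:\\Temp\\nxlog_debug.log is a placeholder.

```conf
# Added example; global directives (define ROOT, Moduledir, CacheDir, ...)
# stay exactly as in the question and are omitted here.

<Extension syslog>
    Module  xm_syslog
</Extension>

<Input file_watch_1>
    Module  im_file
    # Full path to the log file itself, not only its folder
    File    "C:\\Program Files\\Autodesk\\Vault Professional 2016\\Explorer\\JobProcessor.log"
    # Remember the read position across restarts
    SavePos TRUE
    Exec    $SourceName = 'JobProcessor.log';
    Exec    $Message = $raw_event;
</Input>

<Output out>
    Module  om_tcp
    Host    logs-01.loggly.com
    Port    514
    # Format once, just before the event leaves the host
    Exec    to_syslog_ietf();
</Output>

# Debug copy of what is read, written to a different file than the
# one im_file is reading (placeholder path, assumed for this example)
<Output debug_copy>
    Module  om_file
    File    "C:\\Temp\\nxlog_debug.log"
</Output>

<Route 1>
    # Instance names must match the <Input>/<Output> blocks above
    Path    file_watch_1 => out, debug_copy
</Route>
```

Once events arrive at Loggly, the debug_copy output and its entry in the Route can be removed.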