I have nxlog configured to capture syslog messages and write them to a file and all is fine but now I would like the ability to parse for a specific string in the syslog message being received and then write those syslog messages to a separate file (nxdomain.log). For example, when receiving syslog messages that contain the string "NXDOMAIN", I want to then write that specific syslog message to a separate file just for those cases so I can track those specific messages and not have to later parse the daily log (log.txt) file.

How would I modify this configuration file to do just that?

define ROOT /usr/bin define FILENAME /logs/log.txt

Moduledir /usr/libexec/nxlog/modules CacheDir %ROOT%/data Pidfile %ROOT%/data/nxlog.pid SpoolDir /var/spool/nxlog LogFile /var/log/nxlog/nxlog.log LogLevel INFO

<Extension xm_exec> Module xm_exec </Extension>

<Extension xm_fileop> Module xm_fileop </Extension>

<Extension syslog> Module xm_syslog </Extension>

<Input in> Module im_tcp Host 0.0.0.0 Port 514 Exec parse_syslog_bsd() ; </Input>

<Output out> Module om_file File "%FILENAME%" <Schedule> When @daily Exec file_rename ("%FILENAME%","%FILENAME%"+'.'+strftime(now(),"%Y%m%d"));
out->reopen(); </Schedule> </Output>

<Route 1> Path in => out