I have nxlog configured to capture syslog messages and write them to a file, and all is fine, but now I would like the ability to parse for a specific string in the syslog message being received and then write those syslog messages to a separate file (nxdomain.log). For example, when receiving syslog messages that contain the string "NXDOMAIN", I want to write that specific syslog message to a separate file just for those cases, so I can track those specific messages and not have to later parse the daily log file (log.txt).
How would I modify this configuration file to do just that?
define ROOT /usr/bin
define FILENAME /logs/log.txt

Moduledir /usr/libexec/nxlog/modules
CacheDir %ROOT%/data
Pidfile %ROOT%/data/nxlog.pid
SpoolDir /var/spool/nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

<Extension xm_exec>
    Module xm_exec
</Extension>

<Extension xm_fileop>
    Module xm_fileop
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

# Receive syslog over TCP 514 and parse each message as BSD syslog
<Input in>
    Module im_tcp
    Host 0.0.0.0
    Port 514
    Exec parse_syslog_bsd();
</Input>

# Write everything to the daily log and rotate it once a day
<Output out>
    Module om_file
    File "%FILENAME%"
    <Schedule>
        When @daily
        Exec file_rename ("%FILENAME%","%FILENAME%"+'.'+strftime(now(),"%Y%m%d"));\
             out->reopen();
    </Schedule>
</Output>

<Route 1>
    Path in => out
</Route>
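
One way to get the separate file the question describes, as an added example that is not part of the original post: a second om_file output that drops every event whose raw text does not contain NXDOMAIN, attached to the same route. The instance name nxdomain, the define NXFILE and the path /logs/nxdomain.log are assumptions chosen to match the question.

```conf
# Added example, not from the original post.
# NXFILE and the instance name "nxdomain" are assumed names.
define NXFILE /logs/nxdomain.log

<Output nxdomain>
    Module om_file
    File "%NXFILE%"
    # Keep only events whose raw syslog line contains NXDOMAIN
    # (case-sensitive regex match); drop() discards the rest for
    # this output instance.
    Exec if $raw_event !~ /NXDOMAIN/ drop();
</Output>

# Replaces the original <Route 1>: same input, both outputs.
<Route 1>
    Path in => out, nxdomain
</Route>
```

After restarting nxlog, send one test message containing NXDOMAIN and one without it, then confirm that log.txt received both and nxdomain.log received only the first.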