Multiple NXConfigs

Tags:

#1 Constrife 5 years ago

Hey,

I am currently having trouble finding a way to input multiple inputs. So I am currently forwarding my DNS log with the following:

> define ROOT C:\Program Files (x86)\nxlog
> 
> Moduledir %ROOT%\modules
> CacheDir %ROOT%\data
> Pidfile %ROOT%\data\nxlog.pid
> SpoolDir %ROOT%\data
> LogFile %ROOT%\data\nxlog.log
> 
> <Extension gelf>
>     Module xm_gelf
>     ShortMessageLength -1
> </Extension>
> 
> <Input dns>
>     Module  im_file
>     File  "C:\DNS\dns.log"
>     SavePos TRUE
>     InputType LineBased
> </Input>
> 
> <Output out> 
>     Module      om_udp
>     Host        192.168.0.168
>     Port        5414
>     OutputType  GELF
> </Output>
> 
> <Route 2>
>     Path        dns => out
> </Route>

That works 100% and I am happy with the results. The issue comes with trying to send the DNS log and sending Windows Event logs as well. I tried the following but it always comes back with errors.

Both DNS and Winlogs

> define ROOT C:\Program Files (x86)\nxlog
> 
> Moduledir %ROOT%\modules
> CacheDir %ROOT%\data
> Pidfile %ROOT%\data\nxlog.pid
> SpoolDir %ROOT%\data
> LogFile %ROOT%\data\nxlog.log
> 
> <Extension gelf>
>     Module xm_gelf
>     ShortMessageLength -1
> </Extension>
> 
> <Input in1>
>     Module      im_msvistalog
> # For windows 2003 and earlier use the following:
> #   Module      im_mseventlog
> </Input>
> 
> <Input dns2>
>     Module  im_file
>     File  "C:\DNS\dns.log"
>     SavePos TRUE
>     InputType LineBased
> </Input>
> 
> <Output out2> 
>     Module      om_udp
>     Host        192.168.0.168
>     Port        5414
>     OutputType  GELF
> </Output>
> 
> <Output out1>
>     Module      om_tcp
>     Host        192.168.0.168
>     Port        12201
>     OutputType	GELF_TCP
> </Output>
> 
> <Route 1>
>     Path        in => out
> </Route>
> 
> <Route 2>
>     Path        dns => out
> </Route>

Error: 2018-05-03 10:46:31 ERROR module 'in' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:42 2018-05-03 10:46:31 ERROR module 'out' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:42 2018-05-03 10:46:31 ERROR route 2 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:42 2018-05-03 10:46:31 ERROR module 'dns' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:46 2018-05-03 10:46:31 ERROR module 'out' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:46 2018-05-03 10:46:31 ERROR route 1 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:46 2018-05-03 10:46:31 WARNING no routes defined! 2018-05-03 10:46:31 WARNING not starting unused module in2 2018-05-03 10:46:31 WARNING not starting unused module dns1 2018-05-03 10:46:31 WARNING not starting unused module out1 2018-05-03 10:46:31 WARNING not starting unused module out2 2018-05-03 10:46:31 INFO nxlog-ce-2.9.1716 started

Just looking for a way to maybe input it correctly or find a way to use multiple NXLog config files

Permalink

#2 b0ti Nxlog ✓ 5 years ago (Last updated 5 years ago )

#1 Constrife

Hey, I am currently having trouble finding a way to input multiple inputs. So I am currently forwarding my DNS log with the following: > define ROOT C:\Program Files (x86)\nxlog > > Moduledir %ROOT%\modules > CacheDir %ROOT%\data > Pidfile %ROOT%\data\nxlog.pid > SpoolDir %ROOT%\data > LogFile %ROOT%\data\nxlog.log > > <Extension gelf> > Module xm_gelf > ShortMessageLength -1 > </Extension> > > <Input dns> > Module im_file > File "C:\DNS\dns.log" > SavePos TRUE > InputType LineBased > </Input> > > <Output out> > Module om_udp > Host 192.168.0.168 > Port 5414 > OutputType GELF > </Output> > > <Route 2> > Path dns => out > </Route> That works 100% and I am happy with the results. The issue comes with trying to send the DNS log and sending Windows Event logs as well. I tried the following but it always comes back with errors. Both DNS and Winlogs > define ROOT C:\Program Files (x86)\nxlog > > Moduledir %ROOT%\modules > CacheDir %ROOT%\data > Pidfile %ROOT%\data\nxlog.pid > SpoolDir %ROOT%\data > LogFile %ROOT%\data\nxlog.log > > <Extension gelf> > Module xm_gelf > ShortMessageLength -1 > </Extension> > > <Input in1> > Module im_msvistalog > # For windows 2003 and earlier use the following: > # Module im_mseventlog > </Input> > > <Input dns2> > Module im_file > File "C:\DNS\dns.log" > SavePos TRUE > InputType LineBased > </Input> > > <Output out2> > Module om_udp > Host 192.168.0.168 > Port 5414 > OutputType GELF > </Output> > > <Output out1> > Module om_tcp > Host 192.168.0.168 > Port 12201 > OutputType GELF_TCP > </Output> > > <Route 1> > Path in => out > </Route> > > <Route 2> > Path dns => out > </Route> Error: 2018-05-03 10:46:31 ERROR module 'in' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:42 2018-05-03 10:46:31 ERROR module 'out' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:42 2018-05-03 10:46:31 ERROR route 2 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:42 2018-05-03 10:46:31 ERROR module 'dns' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:46 2018-05-03 10:46:31 ERROR module 'out' is not declared at C:\Program Files (x86)\nxlog\conf\nxlog.conf:46 2018-05-03 10:46:31 ERROR route 1 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:46 2018-05-03 10:46:31 WARNING no routes defined! 2018-05-03 10:46:31 WARNING not starting unused module in2 2018-05-03 10:46:31 WARNING not starting unused module dns1 2018-05-03 10:46:31 WARNING not starting unused module out1 2018-05-03 10:46:31 WARNING not starting unused module out2 2018-05-03 10:46:31 INFO nxlog-ce-2.9.1716 started Just looking for a way to maybe input it correctly or find a way to use multiple NXLog config files

You need dns2 => out1 since you have <Input dns2> declared. This is what the error message is trying to say.