collecting duplicate event logs | Log collection solutions

#1 Suryaprakash 6 years ago

The following config is working for me to send application event logs to server via tcp, but it is sending duplicate messages for every Event Viewer event/entry.

config below as follows.

User nxlog Group nxlog

LogFile /var/log/nxlog/nxlog.log LogLevel INFO

<Extension exec> Module xm_exec </Extension>

<Extension syslog> Module xm_syslog </Extension>

<Input in> Module im_tcp Port 1514 Host 0.0.0.0 Exec parse_syslog_bsd(); </Input>

<Output out> Module om_file File "/application/logs/" + $Hostname + "" + "app.log" <Exec> if out->file_size() > 1G { set_var('newfile', file_name() + strftime(now(), '%Y%m%d%H%M%S')); rotate_to(get_var('newfile')); exec_async('/bin/bzip2', get_var('newfile')); } </Exec> </Output>

Permalink

#2 Suryaprakash 6 years ago

#1 Suryaprakash

The following config is working for me to send application event logs to server via tcp, but it is sending duplicate messages for every Event Viewer event/entry. config below as follows. User nxlog Group nxlog LogFile /var/log/nxlog/nxlog.log LogLevel INFO <Extension exec> Module xm_exec </Extension> <Extension syslog> Module xm_syslog </Extension> <Input in> Module im_tcp Port 1514 Host 0.0.0.0 Exec parse_syslog_bsd(); </Input> <Output out> Module om_file File "/application/logs/" + $Hostname + "" + "app.log" <Exec> if out->file_size() > 1G { set_var('newfile', file_name() + strftime(now(), '%Y%m%d%H%M%S')); rotate_to(get_var('newfile')); exec_async('/bin/bzip2', get_var('newfile')); } </Exec> </Output> <Route 1> Path in => out </Route>

kindly help me..