2 responses

Hello,

I am still very new with nxlog, and currently, I am very stuck. I need to configure nxlog to pick up application files (currently we are only receiving standard Windows logs). For testing purposes, I have installed and configured nxlog on my test machine.

We are using extra.conf to avoid making changes in nxlog config itself, which we install on the server automatically.

Here is my configuration which works fine on my test machine, but on the real application server, it only produces an empty file. Can it be related to the server itself, or am I just missing something? Logs are not showing any error messages.

<Extension xmlparser>
    Module xm_xml
</Extension>

<Extension multiline_1>
    Module xm_multiline
    HeaderLine /^<Message>/
    EndLine /^<\/Message>/
</Extension>

<Input timmsg>
    Module im_file
    File 'C:\Users\Administrator\Desktop\msg.log'
    SavePos FALSE
    ReadFromLast FALSE
    InputType multiline_1
    <Exec>
        # Parse the xml event
        parse_xml();

        # Rewrite some fields
        $EventTime = parsedate($timestamp);
        delete($timestamp);
        delete($EventReceivedTime);

        # Convert to JSON
        to_json();
    </Exec>
</Input>

### Define the output that goes to LogPoint for analysis ###
<Output timout>
    Module om_file
    File "C:\Users\administrator\Desktop\1.txt"
</Output>

### Tie together inputs to outputs ###
<Route 2>
    Path timmsg => timout
</Route>

Asked January 16, 2019 - 4:08pm

Comments (1)

  • Zhengshi (NXLog)

    Please make sure you have a directive for adding the JSON extension in your nxlog.conf file, as I didn't see it in extra.conf. Though this should put an error in your /opt/nxlog/var/log/nxlog/nxlog.log file.
    Additional troubleshooting steps that I like to take are running NXLog in the foreground instead of as a service (nxlog -f), and liberal use of log_info($raw_event); directives so that you can see the changes in the event.
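
The two suggestions in the comment above applied to the asker's input, as an added example that is not from either poster: it loads xm_json so that to_json() resolves, and logs the event at each stage with log_info(). The instance name json and the checkpoint messages are assumptions; the Output and Route blocks from the question stay as posted.

```conf
# Added example, not part of the original thread.
# Assumption: no xm_json instance is already defined in nxlog.conf;
# if one is, omit this block (each extension instance name must be unique).
<Extension json>
    Module        xm_json
</Extension>

<Extension xmlparser>
    Module        xm_xml
</Extension>

<Extension multiline_1>
    Module        xm_multiline
    HeaderLine    /^<Message>/
    EndLine       /^<\/Message>/
</Extension>

<Input timmsg>
    Module        im_file
    File          'C:\Users\Administrator\Desktop\msg.log'
    SavePos       FALSE
    ReadFromLast  FALSE
    InputType     multiline_1
    <Exec>
        # Checkpoint 1: the record xm_multiline assembled from the file.
        # If this never appears, the file is not being read or matched.
        log_info('raw: ' + $raw_event);

        parse_xml();

        # Checkpoint 2: only rewrite the time if parse_xml() produced the field.
        if not defined($timestamp)
            log_info('timestamp field missing after parse_xml()');
        else
        {
            $EventTime = parsedate($timestamp);
            delete($timestamp);
        }
        delete($EventReceivedTime);

        to_json();

        # Checkpoint 3: the JSON that the output module will write.
        log_info('json: ' + $raw_event);
    </Exec>
</Input>
```

With NXLog started in the foreground (nxlog -f), the three checkpoints show which stage first produces nothing for a given record.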

Answer (1)