use im_file and om_file on windows | Log collection solutions

#1 liuyi2b 6 years ago

I use im_file and om_file on windows,But throgh om_file,I get a file that is empty <Extension _syslog> Module xm_syslog </Extension> <Extension _json> Module xm_json </Extension> <Input in> Module im_file File "C:\Users\jiang.dengjie\Desktop\log.txt" Exec parse_syslog(); </Input> <Output out> Module om_file File "C:\Users\jiang.dengjie\Desktop\logtest.txt" Exec to_json(); </Output> <Route r> Path in => out </Route>

Permalink

#2 Zhengshi Nxlog ✓ 6 years ago

#1 liuyi2b

NXLog will only capture events created after it has started, by default.
If you are wanting to pull historical information from this file, you can use the following directives to tell NXLog to read the whole file:

<Input in>
    Module im_file
    File "C:\\Users\\jiang.dengjie\\Desktop\\log.txt"
    ReadFromLast  False
    SavePos  False
    Exec parse_syslog();
</Input>

Otherwise, you should be able to test by adding data to the file after NXLog is running.

Also, If you are just wanting to parse this file one time, nxlog-processor may be a better option.