use im_file and om_file on windows

Post a different question
1
answer

I use im_file and om_file on windows,But throgh om_file,I get a file that is empty
<Extension _syslog>
Module xm_syslog
</Extension>
<Extension _json>
Module xm_json
</Extension>
<Input in>
Module im_file
File "C:\\Users\\jiang.dengjie\\Desktop\\log.txt"
Exec parse_syslog();
</Input>
<Output out>
Module om_file
File "C:\\Users\\jiang.dengjie\\Desktop\\logtest.txt"
Exec to_json();
</Output>
<Route r>
Path in => out
</Route>

AskedJune 10, 2019 - 7:30am

Answer (1)

NXLog will only capture events created after it has started, by default.
If you are wanting to pull historical information from this file, you can use the following directives to tell NXLog to read the whole file:

<Input in>
    Module im_file
    File "C:\\Users\\jiang.dengjie\\Desktop\\log.txt"
    ReadFromLast  False
    SavePos  False
    Exec parse_syslog();
</Input>

Otherwise, you should be able to test by adding data to the file after NXLog is running.

Also, If you are just wanting to parse this file one time, nxlog-processor may be a better option.

AnsweredJune 10, 2019 - 3:32pm