Log Rotation

Post a different question
3
responses

Hi,
I don't have a lot of skill in NXLog and I need help. I have an application which puts a log file (* .csv) in a directory every 10 min. The file in question must be sent to the SIEM server and also must be compressed. my question how to make compressed the file once sent to the siem server.

Thanks for your help.

AskedMarch 3, 2020 - 2:07pm

Answer (1)

Hello Abdel,

It seems you will need to compress the files before sending them to the SIEM.
You could achieve it using im_exec module.

AnsweredMarch 3, 2020 - 2:23pm

Comments (2)

  • abdel's picture

    Hi Manuel,

    Thanks for your answers.
    How Can I do that. below my conf file:
    define ROOT E:\nxlog
    define CERTDIR %ROOT%\cert
    define CONFDIR %ROOT%\conf
    define LOGDIR %ROOT%\data
    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data
    LogFile %ROOT%\data\nxlog.log
    LogLevel INFO

    <Extension syslog>
    Module xm_syslog
    </Extension>

    <Input _in>
    Module im_file
    File 'E:\Logs\web*.csv'
    Exec $Message = $raw_event;
    SavePos TRUE
    Recursive TRUE

    </Input>

    <Processor transformer>
    Module pm_transformer
    Exec $SyslogFacilityValue = syslog_facility_value("local2");
    OutputFormat syslog_rfc3164
    </Processor>

    <Output out>
    Module om_tcp
    Host 1.1.1.1
    Port 514
    Exec to_syslog_bsd();
    </Output>

    <Route 1>
    Path _in => transformer => out
    </Route>

    March 3, 2020 - 3:40pm