Log Rotation Help


#1 jd01

Hi, I'm currently outputting my desired log into a specific folder. I'm attempting to rotate the output file by size. Are there any limitations if I'm not under an enterprise license?

Anyway, this is the error I'm getting: ERROR failed to determine file size of 'APPLOGFILE': The system cannot find the file specified.

This is my config

Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files (x86)\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf
define LOGDIR   %ROOT%\data
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data

define APPLOGFILE'/Program Files/Nxlog/Parsed_syslog/my_parsed.log'

<Extension _fileop>
    Module  xm_fileop
</Extension>
<Extension exec>
    Module  xm_exec
</Extension>
<Extension syslog>
    Module  xm_syslog
</Extension>
<Extension charconv>
   Module      xm_charconv
   AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2
</Extension>
<Extension json>
    Module	xm_json
</Extension>
<Extension multiline_header>
	Module xm_multiline
	HeaderLine /[\d\t .:]+ [1A-Za-z-]+ [MXZa-z-]+ [\d.\/-]+ [\d:]+ CEST \|/
</Extension>


#5140 udp listenner
<Input udp_my_listenner>
	Module  im_udp
    Host    0.0.0.0
    Port    5140
</Input>
#writes input to a file
<Output my_raw_to_file>
    Module  om_file 
    File '/Nxlog/Raw_syslog/'+ strftime(now(),'_%Y_%m_%d') + '_my_raw.log'
</Output>



<Input raw_udp_file>
    Module  im_file
    SavePos True
    ReadFromLast True
    File '/Nxlog/Raw_syslog/'+ strftime(now(),'_%Y_%m_%d') + '_my_raw.log'
    InputType multiline_header
    <Exec>
        $type = 'my Log';
        $SourceModuleName = 'NxLog';
        $SourceModuleType = 'my Log Source';
        $Message = $raw_event;
        if not (($raw_event =~ /TEST REGEX/))
            drop();
    </Exec>
</Input>

<Processor norepeat>
    Module      pm_norepeat
    CheckFields Hostname, Message, SourceName
</Processor>


#output of the transformation
<Output my_json_out>
    Module om_file
    File 'D:/Program Files/Nxlog/Parsed_syslog/my_parsed.log'
    Exec $raw_event = to_json();
    <Schedule>
        Every 30 sec
        <Exec>
            if(file_size('APPLOGFILE') >= 100M)
            {
                file_cycle('APPLOGFILE',500);
                my_json_out->reopen();
            }
        </Exec>
    </Schedule>
</Output>



#1st route
<Route udp_to_file> 
      Path udp_my_listenner => my_raw_to_file 
</Route> 
#2nd route
<Route udp_file_to_json_file> 
      Path raw_udp_file => norepeat => my_json_out 
</Route> 
  • What am I doing wrong? Can anyone suggest a better config? This is my first time configuring log rotation via nxlog.

  • What I would like to achieve as an output is that every x seconds, if the file exceeds 100MB, it's rotated and a new file is created.

#2 ArkadiyDeactivated Nxlog ✓

Hello,

You should write %APPLOGFILE% instead of 'APPLOGFILE'. Please check how to use the define directive here: https://nxlog.co/documentation/nxlog-user-guide-full#general-directives

Regards, Arch
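
The fix from the reply above applied to the rotation block, as an added example that is not part of either post. It assumes the define is meant to name the same file the output writes, so it uses the path from the original File directive; the file_exists() guard is an addition.

```conf
# Added example (not from the thread). A define is expanded only when it is
# written as %NAME%; the quoted string 'APPLOGFILE' is a literal file name.
define APPLOGFILE 'D:/Program Files/Nxlog/Parsed_syslog/my_parsed.log'

<Extension _fileop>
    Module  xm_fileop
</Extension>

<Extension json>
    Module  xm_json
</Extension>

<Output my_json_out>
    Module  om_file
    # One define for both the output path and the rotation check, so the
    # scheduled check always inspects the file this module writes.
    File    %APPLOGFILE%
    Exec    $raw_event = to_json();
    <Schedule>
        Every 30 sec
        <Exec>
            # Skip the size check while the file does not exist yet.
            if (file_exists(%APPLOGFILE%) and file_size(%APPLOGFILE%) >= 100M)
            {
                file_cycle(%APPLOGFILE%, 500);
                my_json_out->reopen();
            }
        </Exec>
    </Schedule>
</Output>
```

Because the define value includes its own quotes, %APPLOGFILE% expands to a quoted string literal at each point of use.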