Trying to set up NXLog to send syslog info from network devices to Loggly. I can see that it's sending the data and then relaying it to Loggly, but it is NOT manipulating the headers for the inputs received via UDP 514. It does send the Windows information (which I don't even want). I can see the information going out, unchanged, using Wireshark.

Below is what I've got set up, and I would appreciate any assistance (or maybe a WORKING configuration sample) to straighten this out.

<Input udp>
    Module im_udp
    Host 0.0.0.0
    Port 514
    Exec parse_syslog();
</Input>

<Output out>
    Module om_tcp
    Host logs-01.loggly.com
    Port 514

    Exec to_syslog_ietf();
    Exec $raw_event =~ s/(\[.*])//g; $raw_event = replace($raw_event, '{', '[XXXXXXXXXXXXXXXXXXXXXXXX@41058 tag="windows"] {', 1);

    #Use the following line for debugging (uncomment the fileop extension above as well)
    Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", $raw_event);
</Output>

<Route 1>
    Path udp, internal, eventlog => buffer => out
    Path udp, internal, eventlog => out
</Route>

Asked August 24, 2020 - 11:07pm
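
Added example, not part of the original post and not NXLog or Loggly code: a Python re-creation of the two statements on the posted `Exec` line (the greedy `s/(\[.*])//g` and the `replace(..., '{', ..., 1)`), run over constructed RFC 5424-style lines. The sample lines, the `exampleSDID@32473` element and the function names are assumptions made for illustration.

```python
import re

# Replacement string copied from the posted Exec line (token is masked on the page).
LOGGLY_SD = '[XXXXXXXXXXXXXXXXXXXXXXXX@41058 tag="windows"] {'


def apply_posted_exec(raw_event: str) -> str:
    # Mimics: $raw_event =~ s/(\[.*])//g; $raw_event = replace($raw_event, '{', ..., 1);
    # The pattern is greedy: it removes everything from the first '[' to the last ']'.
    stripped = re.sub(r"(\[.*])", "", raw_event)
    # Only the first '{' is rewritten; with no '{' the line passes through unchanged.
    return stripped.replace("{", LOGGLY_SD, 1)


def has_token(raw_event: str) -> bool:
    # True when the outgoing line carries the Loggly structured-data element.
    return "@41058" in raw_event


# Constructed sample lines (not captured traffic); hypothetical hosts and SD-ID.
SAMPLES = {
    "json_body": '<14>1 2020-08-24T23:07:00Z host1 app - - '
                 '[exampleSDID@32473 k="v"] {"EventID":4624}',
    "plain_syslog": '<134>1 2020-08-24T23:07:00Z sw01 - - - '
                    '[exampleSDID@32473 k="v"] Interface Gi0/1 changed state to up',
    "brackets_in_msg": '<134>1 2020-08-24T23:07:00Z fw01 - - - '
                       '[exampleSDID@32473 k="v"] rule [12] denied tcp',
}


def run() -> dict:
    # Apply the posted transformation to every sample line.
    return {name: apply_posted_exec(line) for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for name, out in run().items():
        print(f"{name:16} token={has_token(out)!s:5} {out}")
```

Only the line with a JSON body picks up the `@41058` element; the plain syslog line leaves without it, and the greedy pattern also drops message text that sits between the first `[` and the last `]`.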

Comments (2)

  • CM_035570

    Actually, I have the messages going over to Loggly now.

    Now I'm struggling with a different problem around timestamps, but I'll open another thread for this.

Answers (0)