Working NXLog configuration to send network device syslog info to Loggly?


#1 CM_035570

Trying to set up NXLog to send syslog info from network devices to Loggly. I can see that it's sending the data and then relaying it to Loggly, but it is NOT manipulating the headers for the inputs received via UDP 514. It does send the Windows information (which I don't even want). I can see the information going out, unchanged, using Wireshark.

Below is what I've got set up, and I would appreciate any assistance (or maybe a WORKING configuration sample) to straighten this out.

<Input udp>
    Module im_udp
    Host 0.0.0.0
    Port 514
    Exec parse_syslog();
</Input>

<Output out>
    Module om_tcp
    Host logs-01.loggly.com
    Port 514

    Exec to_syslog_ietf();
    Exec $raw_event =~ s/([.*])//g; $raw_event = replace($raw_event, '{', '[XXXXXXXXXXXXXXXXXXXXXXXX@41058 tag="windows"] {', 1);

    #Use the following line for debugging (uncomment the fileop extension above as well)
    Exec file_write("C:\Program Files (x86)\nxlog\data\nxlog_output.log", $raw_event);
</Output>

<Route 1>
    Path udp, internal, eventlog => buffer => out
    Path udp, internal, eventlog => out
</Route>

#2 manuel.munoz Deactivated Nxlog ✓

Can you please show an example of an input event and also an example of the format you want as output?