2
responses

Hi!

We have some logs that we would like for NXLog to monitor.
The logs are located in a folder where lots of logs also reside.
For that reason we don't wish to use a wildcard, because many of the logs we don't care to monitor.

How can we in a single input module monitor three files, say file1, file2, and file3?

The information found here indicates that you can use multiple File directives but when I tried it didn't work.

Example:

<Input inLog>
  Module  im_file
  File  "/var/log/file1.log"
  File  "/var/log/file2.log"
  File  "/var/log/file3.log"
  <Exec>
    $logtime = strptime($raw_event, '%Y-%m-%d %H:%M:%S');
    $timestamp = strftime($logtime, '%s');
    $server = hostname_fqdn();
    if $raw_event =~ /\[INFO\]/ $log_type = 'INFO';
    if $raw_event =~ /\[WARNING\]/ $log_type = 'WARNING';
    if $raw_event =~ /\[ERROR\]/ $log_type = 'ERROR';
  </Exec>
</Input>

Do I need three different input modules or can I use just one?

Thanks in advance!

AskedDecember 3, 2020 - 10:25pm

Answer (1)

Hello,

Please note, that you are referring to the docs of Enterprise Edition, where this is, indeed, possible. The NXLog Community Edition im_file documentation is here.

Isn't there any other way to distinguish logs you want to pick?

Regards,
Rafal

Comments (1)

  • casey1234's picture

    Hi,

    Sorry I wasn't specific. I don't know of an EE forum so I posted here.
    I am using Enterprise Edition but didn't realize the multiple file directive was limited to only EE.

    How would I do this in EE?

    Thanks again!