
Hello NXLog user,

I'm new to NXLog and I'm looking to send the contents of files (*.log) located in a single directory to a Syslog Watcher server (snmpsoft).
A trace can be on one or multiple lines, but each new trace starts with the time.

Here is an example of a trace on one line (columns => time type severity thread file function content):

17:13:00.000 APP__ WARNING 1aa20b54100 <capp.cpp:56> [[CApp::ExistInDirectory]] File 'tool.exe' not found in C:/prog

Here is an example of multiple traces, one of them on multiple lines (columns => time type severity thread file function content):

10:57:25.924 SQL__ ERROR__ 20d962b1270 <csqlquery.cpp:292> [[CSqlQuery::ErrQuery]] [cnx2238] [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Violation de la contrainte PRIMARY KEY « PK__T__3214EC27053CB3F2 ». Impossible d'insérer une clé en double dans l'objet « B.T ». Valeur de clé dupliquée : (44422). [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]L'instruction a été arrêtée. QODBC3: Impossible d'exécuter l'instruction
* Source query *
..
* Query with values *
...

10:57:25.926 APP__ ERROR__ 20d962b1270 <chistosystemautomate.cpp:67> [[CHistoSystemAutomate::MsgReceivedSystem]] {
"code": 500004,
"details": "",
"message": "Impossible d'exécuter la requête SQL."
}

The nxlog.conf that I tried to write:

Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %ROOT%\data\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input messages>
    Module im_file
    File "C:\Users\toto\Documents\nxlog\*.log"
    Exec $Message = $raw_event;
</Input>

<Output tcp>
    Module om_tcp
    Host 0.0.0.0
    Port 514
    Exec to_syslog_bsd();
</Output>

<Output udp>
    Module om_udp
    Host 0.0.0.0
    Port 514
    Exec to_syslog_bsd();
</Output>

<Route messages_to_tcp>
    Path messages => tcp
</Route>

<Route messages_to_udp>
    Path messages => udp
</Route>

Can you help me write the conf file?

A big thank you in advance

Christophe

Asked March 5, 2021 - 5:52pm

Answer (1)

Hello NXLog user,

I forgot to specify that I use the community edition.

I tried to modify the configuration (Nxlog.conf) but without success :-(

Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %ROOT%\data\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input messages>
    Module im_file
    File "C:\Users\toto\Documents\nxlog\*.log"
    <Exec>
        if $raw_event =~ /(\d\d:\d\d:\d\d.\d\d\d)/
            $EventTime = parsedate($1);
        else $EventTime = now();

        $Hostname = 'myhost';

        $SourceName = file_name();

        if $raw_event =~ /ERROR__/ $Severity = 'ERROR';
        else if $raw_event =~ /WARNING__/ $Severity = 'WARNING';
        else if $raw_event =~ /INFO__/ $Severity = 'INFO';
        else if $raw_event =~ /DEBUG__/ $Severity = 'DEBUG';

        if $raw_event =~ /^(\d\d:\d\d:\d\d.\d\d\d)\ (\S+)\ (\S+)\ (.*)/
            $Message = $4;

        to_syslog_bsd();
    </Exec>
</Input>

<Output udp>
    Module om_udp
    Host 172.16.93.29
    Port 514
</Output>

<Route messages_to_udp>
    Path messages => udp
</Route>

Comments (2)
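
One way to handle the multi-line traces described in this thread, as an added example that is not part of the original posts or an official NXLog answer: xm_multiline starts a new record at each line that begins with the time, and the joined record is flattened to one line before it is sent as BSD syslog. The instance name trace_multiline, the $TraceType and $TraceSeverity fields, and the severity numbers are assumptions; the path and receiver address are taken from the posts above.

```nxlog
# Added example (constructed), not a configuration from the thread.
<Extension _syslog>
    Module      xm_syslog
</Extension>

# A record starts at each line beginning with HH:MM:SS.mmm; any other line
# is appended to the record in progress.
<Extension trace_multiline>
    Module      xm_multiline
    HeaderLine  /^\d\d:\d\d:\d\d\.\d\d\d /
</Extension>

<Input messages>
    Module      im_file
    # Single-quoted path: the backslashes are taken literally.
    File        'C:\Users\toto\Documents\nxlog\*.log'
    InputType   trace_multiline
    <Exec>
        # The traces carry a time but no date, so stamp them when read.
        $EventTime = now();
        $Message = $raw_event;
        # Columns: time type severity thread <file:line> [[function]] content
        if $raw_event =~ /^\d\d:\d\d:\d\d\.\d\d\d (\S+) (\S+) \S+ (.*)/s
        {
            $TraceType = $1;
            $TraceSeverity = $2;
            $Message = $3;
            $SourceName = $TraceType;
            # The severity column is underscore-padded (ERROR__, WARNING).
            if $TraceSeverity =~ /^ERROR/ $SyslogSeverityValue = 3;
            else if $TraceSeverity =~ /^WARNING/ $SyslogSeverityValue = 4;
            else if $TraceSeverity =~ /^INFO/ $SyslogSeverityValue = 6;
            else if $TraceSeverity =~ /^DEBUG/ $SyslogSeverityValue = 7;
        }
        # Keep each multi-line trace on a single syslog line.
        $Message = replace($Message, "\r", "");
        $Message = replace($Message, "\n", " ");
    </Exec>
</Input>

<Output udp>
    Module      om_udp
    Host        172.16.93.29
    Port        514
    Exec        to_syslog_bsd();
</Output>

<Route messages_to_udp>
    Path        messages => udp
</Route>
```

xm_multiline only emits a record once the next header line arrives, so the last trace in a file stays buffered until more data is written.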