
Hi All,

I've set up NXLog to read an application log file and forward the raw_event to Graylog manager. It seems initially when I start NXLog everything works correctly and the HeaderLine correctly breaks the log sections, but after a while it seems to ignore the HeaderLine and individual lines start coming through to Graylog. I've loaded the log into regex testers and confirmed that the HeaderLine is correctly recognised. Is there anything else I can try? Can I confirm this is an NXLog issue instead of Graylog in some way?

<Extension proforma_email_parse>
    Module      xm_multiline
    HeaderLine  /\d\d\d\d\/\d\d\/\d\d \d\d:\d\d:\d\d.\d\d\d .... ........ ----------------------------------------------------/
</Extension>

<Input proforma_email>
    Module        im_file
    File          "D:\Program Files\ProformaEmailService\Logs\ProformaEmail_*.txt"
    SavePos       true
    ReadFromLast  true
    Exec          $Message = $raw_event;
    InputType     proforma_email_parse
</Input>

Thanks

Asked March 12, 2021 - 10:59am

Answer (1)

Hi,

I'm not aware of any issues here. Could you share your whole conf file and samples of data stored in your file?

Have you checked whether incoming data is always in the same format?

Best regards,
Rafal
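
One way to check offline whether the file's headers are always in the same format, as an added example that is not part of the original thread and not NXLog code: it applies the HeaderLine pattern from the question to each line, groups lines under the last matching header (a simplified model of header-delimited parsing), and flags lines that start with the timestamp but fail the full pattern. The function names, the timestamp heuristic, the unanchored search and the sample lines are assumptions made for this example.

```python
import re

# HeaderLine pattern copied from the xm_multiline block in the question.
HEADER_RE = re.compile(
    r"\d\d\d\d\/\d\d\/\d\d \d\d:\d\d:\d\d.\d\d\d .... ........ "
    r"----------------------------------------------------"
)
# Assumption: any line that begins with the timestamp is meant to be a header.
TIMESTAMP_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}")


def audit(lines):
    """Group lines under the last matching header (simplified model) and
    flag timestamped lines that the HeaderLine pattern rejects."""
    records, orphans, near_misses = [], [], []
    for number, line in enumerate(lines, 1):
        line = line.rstrip("\r\n")
        if HEADER_RE.search(line):
            records.append([line])      # a new record starts here
            continue
        if TIMESTAMP_RE.match(line):
            near_misses.append((number, line))
        if records:
            records[-1].append(line)    # continuation of the current record
        else:
            orphans.append((number, line))
    return records, orphans, near_misses


def sample_lines():
    """Constructed sample, not data from the poster's log."""
    dashes = HEADER_RE.pattern.rsplit(" ", 1)[1]  # same dash run as the pattern
    return [
        "continuation with no header before it",
        f"2021/03/12 10:59:01.123 INFO 00001A2B {dashes}",
        "Sending proforma email",
        f"2021/03/12 10:59:02.456 ERROR 00001A2C {dashes}",  # 5-char level field
        "SMTP timeout",
        f"2021/03/12 10:59:03.789 WARN 00001A2D {dashes}",
        "Retry scheduled",
    ]


if __name__ == "__main__":
    records, orphans, near_misses = audit(sample_lines())
    print(f"{len(records)} records, {len(orphans)} orphan lines")
    for number, line in near_misses:
        print(f"line {number}: timestamped but rejected by HeaderLine: {line}")
```

To run it against a real log, pass the file's lines to `audit()` in place of `sample_lines()`; an empty near-miss list means every timestamped line satisfies the pattern.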