How to write windows events to a new file every 1 min
#1
gtarone
Hi All, I want to write windows events to a new file every 1 min. As of now, I have the following Output block in my conf which works. It is given below,
<Output file>
Module om_file
File "C:\\Program Files (x86)\\nxlog\\data\\nxlog-output.json"
<Schedule>
Every 1 min
Exec rotate_to(file_name() + strftime(now(), '_%Y-%m-%d_%H-%M-%S'));
</Schedule>
</Output>
But in this case, I always write to the same file i.e "C:\Program Files (x86)\nxlog\data\nxlog-output.json" and after 1 min, the data is saved in other file with naming convention mentioned above. I want to create a new file every 1 min with above naming convention and then write to that file instead of writing to the same file.
**How can I do this? Admins please guide. **
#1
gtarone
Hi All,
I want to write windows events to a new file every 1 min.
As of now, I have the following Output block in my conf which works. It is given below,
<Output file>
Module om_file
File "C:\\Program Files (x86)\\nxlog\\data\\nxlog-output.json"
<Schedule>
Every 1 min
Exec rotate_to(file_name() + strftime(now(), '_%Y-%m-%d_%H-%M-%S'));
</Schedule>
</Output>
But in this case, I always write to the same file i.e "C:\Program Files (x86)\nxlog\data\nxlog-output.json" and after 1 min, the data is saved in other file with naming convention mentioned above.
I want to create a new file every 1 min with above naming convention and then write to that file instead of writing to the same file.
**How can I do this? Admins please guide. **
Hi Ganesh,
One way to solve this is to rename the file to a minute prior to the time the file was created. Consider the configuration below.
<Output file>
Module om_file
File "C:\\Program Files (x86)\\nxlog\\data\\nxlog-output.json"
<Schedule>
Every 1 min
Exec rotate_to(file_name() + strftime((now() - 60) , '_%Y-%m-%d_%H-%M-%S') + ".log");
</Schedule>
</Output>
Regards,
Jeffron
