xm_netflow
Hello
I'm trying to use xm_netflow in NXLog EE.
My configuration:
<Extension netflow> Module xm_netflow </Extension>
<Extension json> Module xm_json </Extension>
<Input in_10533_netflow_udp> Module im_udp Host 0.0.0.0 Port 10533 InputType netflow </Input>
<Route route_10533_netflow> Path in_10533_netflow_udp => out_file </Route>
<Output out_file> Module om_file File "/opt/nxlog/var/log/out.log" Exec to_json(); </Output>
But I get an error when I try run nxlog: Jun 24 12:27:50 xxx.evil.corp nxlog[3734]: 2022-06-24 12:27:50 ERROR [CORE|main] Invalid InputType 'netflow' at netflow.conf
What i do wrong?
RPMs:
rpm -qa | grep nxlog
nxlog-kafka-5.3.6735-1.el7_9.x86_64 nxlog-python-5.3.6735-1.el7_9.x86_64 nxlog-5.3.6735-1.el7_9.x86_64
The problem was in the config structure.
My extensions were in nxlog.conf file. The rest of the parts were divided into directories:
include %CONFDIR%/1_input/.conf include %CONFDIR%/2_route/.conf include %CONFDIR%/3_processor/.conf include %CONFDIR%/4_subroute/.conf include %CONFDIR%/5_subprocessor/.conf include %CONFDIR%/6_output/.conf
The error went away after adding a separate directory for extensions before other directories:
include %CONFDIR%/0_extension/.conf include %CONFDIR%/1_input/.conf include %CONFDIR%/2_route/.conf include %CONFDIR%/3_processor/.conf include %CONFDIR%/4_subroute/.conf include %CONFDIR%/5_subprocessor/.conf include %CONFDIR%/6_output/*.conf
