We would like to send log files from a directory such as C:\Logs to our LogPoint server.
What needs to be entered in nxlog.conf?
We don’t normally work directly with nxlog.conf (or nxlog) anymore, but the NXLog documentation is probably the best place for anything to do with it - specifically the file directive is documented here: https://docs.nxlog.co/refman/current/im/file.html . It also has a few examples, so hopefully that helps.
Hi Ronny, this will get you going with your task. :)
```
## LB Forsikring logs to own LogPoint system, E-Boks receipt files v 2.0
## Kai Gustafson 08/05-2023
## comments
## 64 Bit Version
define ROOT C:\Program Files\nxlog
ModuleDir %ROOT%\modules
CacheDir %ROOT%\data
PidFile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

# Directory that holds the log files to forward
define Cdrive C:\Logs
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf

# Note that these two lines define constants only; the log file location
# is ultimately set by the `LogFile` directive (see below). The
# `MYLOGFILE` define is also used to rotate the log file automatically
# (see the `_fileop` block).
define LOGDIR %ROOT%\data
define MYLOGFILE %LOGDIR%\nxlog.log

# By default, `LogFile %MYLOGFILE%` is set in log4ensics.conf. This
# allows the log file location to be modified via NXLog Manager. If you
# are not using NXLog Manager, you can instead set `LogFile` below and
# disable the `include` line.
LogFile %MYLOGFILE%
#include %CONFDIR%\log4ensics.conf

<Extension _syslog>
    Module xm_syslog
</Extension>

<Extension _json>
    Module xm_json
</Extension>

# Get C-drive log files
<Input CdriveLogs>
    Module im_file
    File '%Cdrive%\*.log'
    SavePos TRUE
    ReadFromLast TRUE
    PollInterval 1
</Input>

# Internal NXLog messages
<Input Internal>
    Module im_internal
</Input>

<Input EventLog>
    Module im_msvistalog
    # Collect Sysmon plus 'Application', 'System', and 'Security'
    Query <QueryList> \
        <Query Id="0"> \
            <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select> \
            <Select Path="Application">*</Select> \
            <Select Path="System">*</Select> \
            <Select Path="Security">*</Select> \
        </Query> \
    </QueryList>
    Exec $Hostname = hostname_fqdn();
</Input>

# Syslog to LogPoint server
<Output out>
    Module om_udp
    Host xx.xx.xx.xx:514
    Exec to_json(); $Message = $raw_event; to_syslog_bsd();
</Output>

<Output Cdrive_out>
    Module om_udp
    Host xx.xx.xx.xx:514
    Exec $SourceName = 'CdriveFiles';
    Exec to_syslog_bsd();
</Output>

# Route names match the instance names declared above
<Route 1>
    Path EventLog, Internal => out
</Route>

<Route 2>
    Path CdriveLogs => Cdrive_out
</Route>
```
Regards Kai
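
As an added example (not part of the post above and not LogPoint's own configuration): the `Cdrive_out` output sent over TLS with `om_ssl` instead of plain UDP, so the forwarded file contents are encrypted in transit and the collector's certificate is verified. The port 6514, the CA file name `logpoint-ca.pem` and the instance name `Cdrive_tls` are assumptions, and the collector must have a TLS syslog listener enabled.

```apache
# Added example: TLS variant of the Cdrive_out block from the config above.
# Assumptions (not from the original post):
#   - the collector accepts syslog over TLS on port 6514
#   - the CA that signed the collector's certificate has been copied to
#     %CERTDIR%\logpoint-ca.pem (hypothetical file name)
<Output Cdrive_tls>
    Module          om_ssl
    Host            xx.xx.xx.xx:6514
    # Verify the collector's certificate against this CA
    CAFile          %CERTDIR%\logpoint-ca.pem
    # Refuse to send if the certificate cannot be verified
    AllowUntrusted  FALSE
    Exec            $SourceName = 'CdriveFiles';
    Exec            to_syslog_bsd();
</Output>

# Replaces Route 2: same file input, TLS output
<Route 2>
    Path            CdriveLogs => Cdrive_tls
</Route>
```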