wlog nxlog integration using agent
Nxlog is a powerful, free and open-source project that watches log files for changes and lets you act on them.
Nxlog can easily be configured to send logs to the wlog platform by following this guide.
1. Install Nxlog, downloading it from the official site. It is available for Windows and the most common Unix distributions.
2. Locate and change nxlog.conf, where the configuration is stored.
After the program has been installed, double-check that it is running and registered as a service. This should be done automatically during installation.
Once you have found the configuration file (on Windows it is located in \nxlog\conf\nxlog.conf), open it and add the following settings:
- Enable JSON log format
- Add input parsing
- Add output format
- Route input logs to output
Uncomment or add the following statement, which enables the xm_json module, used to convert the collected variables into a JSON log record.
<Extension json>
Module xm_json
</Extension>
Suppose your log, located in C:\Temp\test_log.txt, has this format:
2017-10-12 12:13:14.444 [hostname] [123] [1236] [ERROR] [Syste.Web.ClassName] Message to log is here
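You need to add an input like this. Note that the expression expects six bracketed fields (hostname, activity id, user/device id, thread id, level, logger) between the timestamp and the message; a line that does not match takes the else branch.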
<Input test_log>
    Module  im_file
    File    'C:\Temp\test_log.txt'
    SavePos TRUE
    # Split each line into named fields; lines that do not match take the else branch.
    Exec if $raw_event =~ /^(\d{4}\-\d{2}\-\d{2} \d{2}\:\d{2}\:\d{2}\.\d{3}) \[(\S+)\] \[(\S+)\] \[(\S+)\] \[(\S+)\] \[(.*)\] \[(.*)\] (.*)/s \
         { \
           $time = $1; \
           $hostname = $2; \
           $activityId = $3; \
           $userIddeviceId = $4; \
           $threadId = $5; \
           $level = $6; \
           $logger = $7; \
           $message = $8; \
         } \
         else \
         { \
           $Message='DROPPED';\
         }
    # Map the parsed values to the field names sent to wlog.
    Exec $SourceDate=$time;
    Exec $Message=$message;
    Exec $Level=$level;
    # Application key for this log source (replace with your own).
    Exec $ApplicationKey='8446E067-2EFA-43E8-B26B-327D129B3E09';
    # Serialize all fields to JSON, then wrap the record in a JSON array.
    Exec to_json();
    Exec $raw_event='['+$raw_event+']';
</Input>
Please change the path and application key before using it. You can adapt the regular expression to your log format.
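Before deploying an adapted expression, it can be checked offline against real lines. The following is an added example, not part of the original guide: Python's re module stands in for NXLog's regex engine, and the six-field lines and STRICT_RE are constructed for illustration. It shows that the five-field sample line above does not match the pattern, and that a message containing bracketed text shifts the level and logger fields under the greedy `(.*)` groups.

```python
import re

# Pattern from the Input block, with the dot before the milliseconds escaped.
# NXLog's /s modifier corresponds to re.DOTALL.
HEAD = (r"^(\d{4}\-\d{2}\-\d{2} \d{2}\:\d{2}\:\d{2}\.\d{3}) "
        r"\[(\S+)\] \[(\S+)\] \[(\S+)\] \[(\S+)\] ")
PAGE_RE = re.compile(HEAD + r"\[(.*)\] \[(.*)\] (.*)", re.DOTALL)
# Assumption (not on the page): a variant whose bracketed fields cannot contain ']'.
STRICT_RE = re.compile(HEAD + r"\[([^\]]*)\] \[([^\]]*)\] (.*)", re.DOTALL)

FIELDS = ("time", "hostname", "activityId", "userIddeviceId",
          "threadId", "level", "logger", "message")

# Sample line exactly as given on the page: five bracketed fields.
PAGE_SAMPLE = ("2017-10-12 12:13:14.444 [hostname] [123] [1236] [ERROR] "
               "[Syste.Web.ClassName] Message to log is here")
# Constructed lines with the six bracketed fields the pattern expects.
SIX_FIELDS = ("2017-10-12 12:13:14.444 [hostname] [123] [42] [1236] [ERROR] "
              "[Syste.Web.ClassName] Message to log is here")
BRACKETS_IN_MESSAGE = ("2017-10-12 12:13:14.444 [hostname] [123] [42] [1236] "
                       "[ERROR] [Syste.Web.ClassName] retry [2] [of 3] failed")


def parse(line, pattern=PAGE_RE):
    """Return the captured fields by name, or None when the line would take
    the else branch of the Input block."""
    match = pattern.match(line)
    return dict(zip(FIELDS, match.groups())) if match else None


def report(lines, pattern=PAGE_RE):
    """Summarize how many lines parse and which level each parsed line gets."""
    parsed = [p for p in (parse(l, pattern) for l in lines) if p is not None]
    return {"parsed": len(parsed),
            "dropped": len(lines) - len(parsed),
            "levels": [p["level"] for p in parsed]}


if __name__ == "__main__":
    samples = [PAGE_SAMPLE, SIX_FIELDS, BRACKETS_IN_MESSAGE]
    print("page pattern:  ", report(samples))
    print("strict pattern:", report(samples, STRICT_RE))
```
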
This section tells Nxlog where to send incoming logs. This is simply a POST to the wlog REST API.
<Output out>
Module om_http
URL http://localhost:55044/api/Log
HTTPSAllowUntrusted TRUE
ContentType text/json
</Output>
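Please change the URL parameter to your endpoint. The example URL uses plain http, so log contents and the application key are sent unencrypted; for an https endpoint, HTTPSAllowUntrusted TRUE accepts any server certificate, so outside a local test setup set it to FALSE and point HTTPSCAFile at the CA certificate.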
This step is needed to connect the input to the output, and it is quite simple to understand:
<Route test_log>
Path test_log => out
</Route>
Multiple input logs can be sent to the same output; just separate the input names with commas.