Hello Amit.
This is a working NXLOG configuration. You can use this as an example.
Cheers.
Mehmet
########################################
# Global directives #
########################################
User root
#User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
########################################
# Modules #
########################################
<Extension gelf>
Module xm_gelf
</Extension>
<Input in1>
Module im_file
File "/var/log/messages"
SavePos TRUE
</Input>
<Input access_log>
Module im_file
File "/var/log/httpd/access_log"
Exec if $raw_event =~ /^(\S+) (\S+) (\S+) \[([^\]]+)\] \"(\S+) (.+) HTTP.\d\.\d\" (\d+) (\d+) \"([^\"]+)\" \"([^\"]+)\"/\
{ \
$Hostname = $1; \
if $3 != '-' $AccountName = $3; \
$EventTime = parsedate($4); \
$HTTPMethod = $5; \
$HTTPURL = $6; \
$HTTPResponseStatus = $7; \
$FileSize = $8; \
$HTTPReferer = $9; \
$HTTPUserAgent = $10; \
}
</Input>
<Output graylog_out>
Module om_udp
Host 192.168.100.111
Port 12201
OutputType GELF_UDP
</Output>
########################################
# Routes #
########################################
<Route 1>
Path in1 => graylog_out
</Route>
<Route 2>
Path access_log => graylog_out
</Route>
On Monday, December 14, 2015 at 7:49:04 PM UTC+2, Amit Sharma wrote:
>
> Hi,
>
> I am trying to get logs from tomcat through nxlog.
>
> Can you please suggest what changes I need to make in the config file of nxlog.conf?
>
> Linux - CentOS 6.6
> tomcat logs file location - /vol1/apache-tomcat-8.0.15/logs/catalina.out
> graylog host - lb01-graylog
> port - lb01-graylog
>
>
>
> ## This is a sample configuration file. See the nxlog reference manual about the
> ## configuration options. It should be installed locally under
> ## /usr/share/doc/nxlog-ce/ and is also available online at
> ## http://nxlog.org/docs
>
> ########################################
> # Global directives #
> ########################################
> User nxlog
> Group nxlog
>
> LogFile /var/log/nxlog/nxlog.log
> LogLevel INFO
>
> ########################################
> # Modules #
> ########################################
> <Extension _syslog>
> Module xm_syslog
> </Extension>
>
> <Input in1>
> Module im_udp
> Port 514
> Exec parse_syslog_bsd();
> </Input>
>
> <Input in2>
> Module im_tcp
> Port 514
> </Input>
>
> <Output fileout1>
> Module om_file
> File "/var/log/logmsg.txt"
> Exec if $Message =~ /error/ $SeverityValue = syslog_severity_value("error");
> Exec to_syslog_bsd();
> </Output>
>
> <Output fileout2>
> Module om_file
> File "/var/log/logmsg2.txt"
> </Output>
>
> ########################################
> # Routes #
> ########################################
> <Route 1>
> Path in1 => fileout1
> </Route>
>
> <Route tcproute>
> Path in2 => fileout2
> </Route>
>
>
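
The same layout applied to the Tomcat file from the original question, as an added example that is not part of either post: it reads catalina.out through xm_multiline so a Java stack trace stays in one GELF event. Assumptions: the header regex matches Tomcat 8's default "dd-MMM-yyyy HH:mm:ss.SSS LEVEL [thread]" prefix, port 12201 is taken from the reply's config, the instance and field names are made up here, and the nxlog account has read access to the log file.

```conf
# Added example; adjust paths, host and port to the local setup.
# Runs as the unprivileged nxlog account (assumption: it has been granted
# read access to catalina.out, e.g. through group membership).
User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

<Extension gelf>
    Module      xm_gelf
</Extension>

# A new event starts only on a line with a timestamp prefix; continuation
# lines ("    at org.apache...", "Caused by: ...") are appended to it.
<Extension tomcat_multiline>
    Module      xm_multiline
    HeaderLine  /^\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} /
</Extension>

<Input catalina>
    Module      im_file
    File        "/vol1/apache-tomcat-8.0.15/logs/catalina.out"
    SavePos     TRUE
    InputType   tomcat_multiline
    # Pull the level and thread out of the header line so they can be
    # searched and alerted on as separate fields in Graylog.
    Exec        if $raw_event =~ /^\S+ \S+ (\S+) \[([^\]]+)\] / \
                { \
                    $TomcatLevel = $1; \
                    $TomcatThread = $2; \
                }
</Input>

<Output graylog_out>
    Module      om_udp
    Host        lb01-graylog
    # 12201 is the port used in the reply above (assumed to be the GELF UDP input).
    Port        12201
    OutputType  GELF_UDP
</Output>

<Route tomcat>
    Path        catalina => graylog_out
</Route>
```

GELF over UDP is sent without encryption or authentication, so this route belongs on a network segment where the application log contents may travel in the clear.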