Hi,

I want to include the fqdn of the server sending logs in the raw_event. I
am using this configuration

<Input confluence>
    Module  im_file
    File    "/var/log/test.log"
    SavePos TRUE
    Exec    $raw_event=$raw_event+'|server:'+hostname_fqdn()+'|';
</Input>

Sending the log to logstash in the same host for testing using

<Output confluence_out>
    Module  om_tcp
    Host    localhost
    Port    3516
</Output>

And I am receiving the log truncated, missing first character of the log
line. Testing with "Test" string I receive

{
         "@source" => "tcp://127.0.0.1:49388/",
           "@tags" => [
        [0] "nxlog",
        [1] "_jsonparsefailure",
        [2] "multiline",
        [3] "_grokparsefailure"
    ],
         "@fields" => {
        "log_level_alert" => [
            [0] "%{@fields.log_level}"
        ]
    },
      "@timestamp" => "2013-07-23T21:11:59.945Z",
    "@source_host" => "127.0.0.1",
    "@source_path" => "/",
        "@message" => "*est*|server:Debian607.vagrantup.com|\n",
           "@type" => "confluence"
}

What is truncating the first character of the log? Is there a better way to
include the fqdn in the event?

Thanks

Enrique.




Full nxlog.conf (in the sender)

root@Debian607:~# cat /etc/nxlog/nxlog.conf
########################################
# Global directives                    #
########################################

User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

########################################
# Inputs                               #
########################################

<Input internal>
    Module      im_internal
</Input>


<Input confluence>
    Module  im_file
    File    "/var/log/test.log"
    SavePos TRUE
    Exec    $raw_event=$raw_event+'|server:'+hostname_fqdn()+'|';
</Input>


########################################
# Output                               #
########################################


<Output confluence_out>
    Module  om_tcp
    Host    localhost
    Port    3516
</Output>


########################################
# Routes                               #
########################################


<Route confluence>
    Path  confluence => confluence_out
</Route>

-------------------------------------------------------------------------------------------------
Full logstash.conf (in the receiver)


input {
  tcp {
    type   => "confluence"
    port   => 3516
    format => 'json'
    tags => ["nxlog"]
  }
}

filter {
  multiline {
    type => "confluence"
    pattern => "^20"
    negate => true
    what => "previous"
    add_tag => ["multiline_confluence"]
  }

  grok {
    type => "confluence"
    pattern => "%{DATESTAMP},%{NUMBER} %{LOGLEVEL:log_level}
\[%{JAVAFILE:thread}\] \[%{JAVACLASS:class}\]"
    add_tag => ["matched_confluence"]
  }

}

output {
   stdout {
     type => "confluence"
     debug => true
   }
}
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users

Reply via email to