Hello Experts,
I'm collecting all the logs using an nxlog shipper to an nxlog server. But the
end message contains the hostname as well. How do we separate the hostname from
the message? I see that keep_hostname is used to accomplish this. I'm
providing my nxlog server's nxlog.conf.
Can anyone give me an example for setting this up?

User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
define LOGFILE "/var/log/nxlog/nxlog.log"

<Extension nxlog_file>
    Module xm_fileop
    # Rotate our log file
    <Schedule>
        When @daily
        Exec file_cycle(%LOGFILE%, 7);
    </Schedule>
</Extension>

<Extension charconv>
    Module xm_charconv
    AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2
</Extension>

<Extension fileop>
    Module xm_fileop
</Extension>

<Extension _syslog>
    Module xm_syslog
</Extension>

<Extension json>
    Module xm_json
</Extension>

<Input in_tcp>
    Module im_tcp
    Host 0.0.0.0
    Port 5144
    Exec convert_fields("AUTO", "utf-8");
    Exec if $raw_event =~ /(\{\")(.*)/ $raw_event = $1 + 'LogServer":"' + $Hostname + '",' + '"SourceIP":"' + $MessageSourceAddress + '","' + $2;
</Input>

<Output out_tcp>
    Module om_tcp
    Port 5146
    Host 0.0.0.0
    #keep_hostname(yes)
</Output>

<Output out>
    Module om_null
</Output>

<Route input_to_tcp>
    Path in_tcp => out_tcp
</Route>

<Route input_to_file>
    Path in_tcp => file
</Route>

--
Great Day,
Karunakar.U
E lkarunaka...@gmail.com
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users