Re: [nxlog-ce-users] keep hostname

Mon, 03 Mar 2014 01:33:24 -0800 

Hi,

The "keep_hostname" thing is from syslog-ng. Are you subscribed to
the wrong mailing list? 
Otherwise it looks like you need parse_syslog(), though it is just a guess
since we don't know what your input is.

Regards,
Botond


On Fri, 28 Feb 2014 12:23:29 -0800
venkat uk <lkarunaka...@gmail.com> wrote:

> Hello Experts,
> 
> I'm collecting all the logs using nxlog shipper to nxlog server. But the
> end message contains hostname as well. How do we separate hostname from
> message ? I see that keep_hostname is used to accomplish this. I'm
> providing my nxlog server nxlog.conf.
> Can anyone give me an example for setting this up?
> 
> User nxlog
> Group nxlog
> LogFile /var/log/nxlog/nxlog.log
> LogLevel INFO
> define LOGFILE "/var/log/nxlog/nxlog.log"
> <Extension nxlog_file>
>     Module      xm_fileop
>     # Rotate our log file
>     <Schedule>
>         When    @daily
>         Exec    file_cycle(%LOGFILE%, 7);
>     </Schedule>
> </Extension>
> <Extension charconv>
>     Module      xm_charconv
>     AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2
> </Extension>
> <Extension fileop>
>     Module      xm_fileop
> </Extension>
> <Extension _syslog>
>     Module      xm_syslog
> </Extension>
> <Extension json>
>     Module      xm_json
> </Extension>
> <Input in_tcp>
>         Module im_tcp
>         Host    0.0.0.0
>         Port    5144
>        Exec    convert_fields("AUTO", "utf-8");
>         Exec if $raw_event =~ /(\{\")(.*)/ $raw_event = $1 + 'LogServer":"'
> + $Hostname + '",' + '"SourceIP":"' + $MessageSourceAddress + '","' + $2;
> </Input>
> <Output out_tcp>
>     Module      om_tcp
>     Port        5146
>     Host        0.0.0.0
>    #keep_hostname(yes)
> </Output>
> <Output out>
>    Module  om_null
> </Output>
> <Route input_to_tcp>
>      Path        in_tcp => out_tcp
> </Route>
> <Route input_to_file>
>     Path        in_tcp => file
> </Route>
> 
> 
> -- 
> 
> Great Day,
> Karunakar.U
> E lkarunaka...@gmail.com

------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works. 
Faster operations. Version large binaries.  Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users

Reply via email to