I want to archive some logs and forward the rest for processing. For
example, I want to archive all Symantec connections to a file and send the
rest for analysis. I tried the reroute command, but get the following
error. I can't seem to figure out how to configure it differently.

2014-06-10 15:47:21 ERROR Couldn't parse Exec block at
/etc/nxlog/conf.d/symantec.conf:9;couldn't parse statement at line 9,
character 60 in /etc/nxlog/conf.d/symantec.conf;syntax error, unexpected ),
expecting (

<Input null_in>
    Module null_in
</Input>

<Input symantec>
    Module im_tcp
    Port 5150
    Host 0.0.0.0
    Exec if $raw_message =~ /LiveUpdate/ reroute(liveupdate);
</Input>

<Output logstash-symantec>
    Module om_tcp
    Port 5150
    Host 192.168.1.1
</Output>

<Output livelog>
    Module om_file
    File "/var/log/nxlog/liveupdate.log"
</Output>

<Route symantec>
    Path symantec => logstash-symantec
</Route>

<Route liveupdate>
    Path null_in => livelog
</Route>

--
Ash Kumar
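
Added example (not part of the original post and not the poster's own configuration): the same layout with the route name passed to reroute() as a quoted string, which is what the parser error at the Exec line points to. It assumes the placeholder input was meant to be NXLog's im_null module; instance names, ports, and paths are taken from the post.

```conf
# Added example, not the poster's configuration.

# Placeholder input: gives the "liveupdate" route a source.
# Assumption: im_null was the intended module; it generates no events.
<Input null_in>
    Module  im_null
</Input>

<Input symantec>
    Module  im_tcp
    Host    0.0.0.0
    Port    5150
    # reroute() takes a string argument, so the route name is quoted.
    # A matching event is moved (not copied) into the "liveupdate"
    # route and no longer continues down the "symantec" route.
    Exec    if $raw_message =~ /LiveUpdate/ reroute("liveupdate");
</Input>

# Everything that did not match goes on for analysis.
<Output logstash-symantec>
    Module  om_tcp
    Host    192.168.1.1
    Port    5150
</Output>

# Archive of the rerouted LiveUpdate events.
<Output livelog>
    Module  om_file
    File    "/var/log/nxlog/liveupdate.log"
</Output>

<Route symantec>
    Path    symantec => logstash-symantec
</Route>

<Route liveupdate>
    Path    null_in => livelog
</Route>
```

If the archived events should also reach the analysis output, add_to_route("liveupdate") copies the event instead of moving it.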