On Mon, 3 Aug 2015, David Lang wrote:
>
> On Mon, 3 Aug 2015, Botond Botyanszki wrote:
>
>> On Mon, 3 Aug 2015 06:25:59 -0700 (PDT)
>> David Lang <[email protected]> wrote:
>>
>>> after the first mark message is generated, and these three lines are
>>> executed
>>>
>>> Exec set_var('logcount', 5 );
>>> Exec set_var('logcount', ( get_var('logcount') + 1 ) );
>>> Exec set_var('maxsize', size($raw_event));
>>>
>>> why are these two variables undef?
>>
>> I just tested and it works as expected:
>>
>> <14>Aug 3 16:48:40 xxx @cee:{"EventTime":"2015-08-03
>> 16:48:40","Hostname":"xxx","Message":"","SeverityValue":2,"Severity":"","SourceName":"","ProcessID":13785,"EventReceivedTime":"2015-08-03
>> 16:48:40","SourceModuleName":"","SourceModuleType":"","longestline":null,"logcount":null}
>
>> <14>Aug 3 16:49:40 xxx @cee:{"EventTime":"2015-08-03
>> 16:49:40","Hostname":"xxx","Message":"","SeverityValue":2,"Severity":"","SourceName":"","ProcessID":13785,"EventReceivedTime":"2015-08-03
>> 16:49:40","SourceModuleName":"","SourceModuleType":"","longestline":291,"logcount":6}
>
>> <14>Aug 3 16:50:40 xxx @cee:{"EventTime":"2015-08-03
>> 16:50:40","Hostname":"xxx","Message":"","SeverityValue":2,"Severity":"","SourceName":"","ProcessID":13785,"EventReceivedTime":"2015-08-03
>> 16:50:40","SourceModuleName":"","SourceModuleType":"","longestline":287,"logcount":6}
>
> were there any events between these three? If so, the logcount variable should
> not have been 6 each time, it should have been incremented for the messages in
> between the messages
Still not working for me. Here's the full config in case there is something
else I messed up.
I can understand why I get nulls initially, but once the mark runs and creates
the variables (with no lifetime limits), why do the following eventlog entries
get undef? The variables aren't per section or something like that are they?
David Lang
# Global directives: installation paths, agent log level and queueing behaviour.
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
# Same location as %ROOT%\data, written out in full instead of via the ROOT define.
LOGFILE C:\Program Files (x86)\nxlog\data\nxlog.log
LogLevel INFO
SuppressRepeatingLogs FALSE
# NOTE(review): NoCache TRUE here and SavePos True in the eventlog input look
# contradictory -- verify which one wins, because a lost read position combined
# with ReadFromLast True would skip events written while the agent was down.
NoCache TRUE
# NOTE(review): with flow control disabled, inputs are presumably not paused
# when the output stalls, so events can be dropped rather than queued. Confirm
# against the NXLog manual before relying on this agent for audit logs.
FlowControl FALSE
# Extension modules that supply functions used by the Exec statements below.
# NOTE(review): none of the Exec statements shown appears to call an xm_fileop
# function -- confirm whether this extension is still needed.
<Extension fileop>
Module xm_fileop
</Extension>
# Provides convert_fields(); "AUTO" detection tries the charsets listed here.
<Extension charconv>
Module xm_charconv
AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2
</Extension>
# Provides to_syslog_bsd(), used in the output section.
<Extension syslog>
Module xm_syslog
</Extension>
# Provides to_json(), used to build the "@cee:" payload.
<Extension json>
Module xm_json
</Extension>
<Input internal>
# Collects NXLog's own internal log messages as events.
Module im_internal
Exec convert_fields("AUTO", "utf-8");
Exec $hostname = hostname();
# Serialise all event fields as JSON behind the "@cee:" cookie.
Exec $Message = "@cee:" + to_json();
# NOTE(review): get_var/set_var operate on module variables, which NXLog's
# documentation describes as visible only to the module instance that created
# them. If so, this 'logcount' and 'maxsize' are private to this input and are
# never initialised by the mark input's set_var calls -- confirm for the
# version in use.
Exec set_var('logcount', get_var('logcount') +1 );
Exec if size($raw_event) > get_var('maxsize') { set_var('maxsize',
size($raw_event)); }
</Input>
<Input mark>
# Heartbeat input: emits the Mark text periodically and attaches the counters.
Module im_mark
# MarkInterval is given in minutes.
MarkInterval 1
Mark "nxlog heartbeat"
Exec convert_fields("AUTO", "utf-8");
Exec $hostname = hostname();
# Copy the current counter values into event fields before serialising.
Exec $longestline = get_var('maxsize');
Exec $messagesgenerated = get_var('logcount');
# NOTE(review): 'logioutcount' is spelled differently from the 'logoutcount'
# created and set further down. Nothing shown in this config ever sets
# 'logioutcount', which fits "sent" being null in every sample line.
Exec $messagessent = get_var('logioutcount');
Exec $Message = "@cee:" + to_json();
# reset counts
# NOTE(review): module variables are documented as scoped to the module
# instance that created them, so these create_var/set_var calls presumably only
# affect this mark input. That matches the sample output, where only the
# heartbeat lines carry len/gen values and every other event shows null.
Exec create_var('maxsize');
Exec create_var('logcount');
Exec create_var('logoutcount');
Exec set_var('logcount', 1 );
Exec set_var('logoutcount', 1 );
Exec set_var('maxsize', size($raw_event));
</Input>
<Input eventlog>
# Reads the Windows Event Log.
Module im_msvistalog
# NOTE(review): SavePos True is set here while the global section sets
# NoCache TRUE -- verify the read position is actually persisted, otherwise
# ReadFromLast True would skip events written while the agent was stopped.
SavePos True
ReadFromLast True
PollInterval 1
# Prefix the channel name so the source is recognisable as a Windows log.
Exec $SourceName = "ms-" + $Channel;
Exec $hostname = hostname();
# NOTE(review): these get_var calls run in the eventlog module instance.
# Module variables are documented as per-instance, so the values set in the
# mark input are presumably not visible here, which would explain the undef
# results asked about in this message. Confirm for the version in use.
Exec $longestline = get_var('maxsize');
Exec $messagesgenerated = get_var('logcount');
# NOTE(review): 'logioutcount' does not match the 'logoutcount' name used by
# the set_var calls elsewhere in this config; nothing shown sets it.
Exec $messagessent = get_var('logioutcount');
Exec $Message = "@cee:" + to_json();
# The fields above are captured before this event is counted, so they describe
# the events seen before it.
Exec set_var('logcount', get_var('logcount') +1 );
Exec if size($raw_event) > get_var('maxsize') { set_var('maxsize',
size($raw_event)); }
</Input>
<Output out>
# Forwards every routed event to the central log server over plain TCP.
# NOTE(review): om_tcp sends the events, including Windows Event Log content,
# unencrypted and unauthenticated. NXLog also ships om_ssl for TLS transport;
# consider it if this traffic leaves a trusted network segment.
Module om_tcp
Host 192.168.254.52
Port 514
# NOTE(review): the "lineending over" line below is a mail-wrapped continuation
# of the comment and has lost its leading '#'; rejoin it before using this
# config.
# the following works around the problem that nxlog sends the system
lineending over
# the network, so on windows it send \r\n not just \n
OutputType Dgram
Exec to_syslog_bsd();
# NOTE(review): this 'logoutcount' is set in the output module instance. If
# module variables are per-instance as documented, the inputs cannot read it,
# so a sent-message count would have to be reported from this section.
Exec set_var('logoutcount', get_var('logoutcount') +1 );
# Dgram output adds no terminator, so append the bare "\n" explicitly.
Exec $raw_event = $raw_event + "\n";
</Output>
# Single route: all three inputs feed the one TCP output.
<Route r>
Path mark,internal,eventlog => out
</Route>
sample of the output over time
from my central logserver
# zcat `ls -tr |tail -1` |cut -f 5- -d : |jq '{ "len": .longestline, "gen":
.messagesgenerated, "sent": .messagessent }' -c
{"len":52,"gen":1,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":52,"gen":1,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":52,"gen":1,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":52,"gen":1,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}
{"len":null,"gen":null,"sent":null}