Created
May 7, 2017 17:50
## This is a sample NXLog configuration file
## This configuration can be used to collect syslog messages from any RFC 5426 capable device
## and write those logs to a file which can be picked up by the Log Analytics agent
## Thanks to jorritfolmer for initial inspiration here: https://gist.github.com/jorritfolmer/bc6374b48bde2ba99f983cc0889da8a9
##
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension syslog>
    Module xm_syslog
</Extension>
<Extension fileop>
    Module xm_fileop
</Extension>
################################################
## Inputs
################################################
## Ingest syslog over UDP port 514 from any host in IETF format
<Input syslog_in>
    Module im_udp
    Host 0.0.0.0
    Port 514
    Exec parse_syslog_ietf();
</Input>
###############################################
## Use this processor to filter out syslog based on severity
## Remember to add the processor to the Route
#<Processor syslog-severity-limit>
#    Module pm_filter
#    Condition $SeverityLevel > 5
#</Processor>
################################################
################################################
## Outputs
################################################
## Output syslog to file for pickup by OMS agent
<Output syslog_out_file>
    Module om_file
    File "C:/nxlog/syslog/" + $MessageSourceAddress + ".log"
    CreateDir TRUE
    Exec if (syslog_out_file->file_size() > 10M ) file_cycle("C:/nxlog/syslog/" + $MessageSourceAddress + ".log",5);
    Exec syslog_out_file->reopen();
</Output>
<Route to_LogAnalytics>
    Path syslog_in => syslog_out_file
</Route>
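An added variant of the `syslog_in` input above, not part of the original gist: it applies the severity filter directly in the input with `drop()` instead of a separate processor, and limits which senders are accepted. The listen address `192.0.2.10`, the `192.0.2.0/24` sender range and the severity threshold are constructed placeholders; `$SyslogSeverityValue` is the numeric syslog severity (0 = emergency, 7 = debug) set by `parse_syslog_ietf()`.

```conf
## Added example (not from the original gist). Replaces the syslog_in block above.
## 192.0.2.10 and 192.0.2.0/24 are placeholder values; substitute your own.
<Input syslog_in>
    Module  im_udp
    ## Listen on the collection interface only rather than on every address
    Host    192.0.2.10
    Port    514
    <Exec>
        ## $MessageSourceAddress is set by im_udp from the datagram itself,
        ## so it is available before the syslog payload is parsed.
        ## UDP source addresses can be spoofed: this check reduces noise and
        ## stray per-sender files, it does not authenticate the sender.
        if $MessageSourceAddress !~ /^192\.0\.2\.\d{1,3}$/ drop();
        else
        {
            parse_syslog_ietf();
            ## Keep emergency (0) through notice (5);
            ## drop informational (6) and debug (7)
            if $SyslogSeverityValue > 5 drop();
        }
    </Exec>
</Input>
```

Because the output file name is built from `$MessageSourceAddress`, every accepted sender gets its own log file, so the sender check also bounds how many files the output can create.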