Nxlog Sample

Nxlog collects log files in various formats and runs on multiple platforms. This article provides a sample Nxlog configuration file for Windows that forwards events to EPStack. Nxlog can be downloaded at http://nxlog.org/products/nxlog-community-edition/download.

High-level configuration steps:

  1. Download and install Nxlog on a Windows machine.
  2. Adjust the configuration files (by default in the conf folder in the Nxlog program directory).
  3. Start the Nxlog service.

Sample Configuration of Nxlog

define ROOT C:\Program Files (x86)\nxlog
define CERT %ROOT%\cert
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension json>
    Module xm_json
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

# Disable internal nxlog logging
#<Input internal>
#    Module im_internal
#</Input>

# Windows Event Log
<Input eventlog>
    # Use im_msvistalog for Windows Vista/2008 and later
    Module im_msvistalog

    # Configure which logs to read
    Query <QueryList>\
              <Query Id="0">\
                  <Select Path="Application">*</Select>\
                  <Select Path="System">*</Select>\
                  <Select Path="Security">*</Select>\
              </Query>\
          </QueryList>

    # Uncomment im_mseventlog for Windows XP/2000/2003
    # Module im_mseventlog
    # Sources Application, Security, Setup, System
</Input>

# Set output to EPStack
# Note: om_tcp sends events unencrypted. Nxlog also ships om_ssl for TLS,
# usable only if the receiving side accepts TLS connections.
<Output out>
    Module om_tcp
    # om_tcp requires a Host; EPSTACK_HOST is a placeholder for the address of your EPStack server
    Host EPSTACK_HOST
    Port 3515

    # Convert each event to a single-line JSON record
    Exec $raw_event = to_json();

    # Uncomment for debug output
    # Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>

# Tell Nxlog what to output
<Route 1>
    Path eventlog => out
</Route>
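
To confirm that the output block delivers events before pointing it at EPStack, a small listener can stand in for the receiver. The following is an added example, not part of the original article or of Nxlog or EPStack: it assumes om_tcp's default line-based framing (one to_json() record per line), and the names EventFramer and Handler and the loopback bind address are choices made for this sketch.

```python
import json
import socketserver


class EventFramer:
    """Reassemble newline-delimited JSON events from arbitrary TCP chunks."""

    def __init__(self, max_line=1 << 20):
        self.buf = b""
        self.max_line = max_line  # cap on an unterminated line, bounds memory use
        self.rejected = 0         # malformed, non-object or oversized lines

    def feed(self, chunk):
        """Return the events completed by this chunk; keep any partial tail."""
        self.buf += chunk
        *lines, self.buf = self.buf.split(b"\n")
        if len(self.buf) > self.max_line:  # drop an oversized unterminated line
            self.buf, self.rejected = b"", self.rejected + 1
        events = []
        for line in lines:
            line = line.strip()  # also removes a trailing \r
            if not line:
                continue
            try:
                event = json.loads(line)
            except ValueError:  # covers invalid JSON and invalid UTF-8
                self.rejected += 1
                continue
            if isinstance(event, dict):
                events.append(event)
            else:
                self.rejected += 1
        return events


class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        framer = EventFramer()
        while chunk := self.request.recv(4096):
            for ev in framer.feed(chunk):
                # Fields set by im_msvistalog and serialized by to_json()
                print(ev.get("EventTime"), ev.get("Hostname"),
                      ev.get("Channel"), ev.get("EventID"))
        print(f"connection closed, {framer.rejected} line(s) rejected")


if __name__ == "__main__":
    # Loopback only, for a local test; 3515 matches Port in the sample config.
    with socketserver.TCPServer(("127.0.0.1", 3515), Handler) as srv:
        srv.serve_forever()
```

For the test, temporarily set the om_tcp Host to 127.0.0.1, run the script on the same machine, then restart the Nxlog service; a non-zero rejected count means the stream is not arriving as one JSON object per line.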
