-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathnxlog-central.conf
118 lines (102 loc) · 2.93 KB
/
nxlog-central.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO
# nxlog internal log rotation and retention
define NXLOGFILE %ROOT%\data\nxlog.log
# Custom variables
define JSONDIR %ROOT%\data
<Extension fileop>
Module xm_fileop
# Check the size of our log file every x time and rotate if it is larger than x MB
<Schedule>
Every 1 min
Exec if (file_size('%NXLOGFILE%') >= 20M) file_cycle('%NXLOGFILE%', 5);
</Schedule>
# Rotate our log file every week on sunday at midnight
<Schedule>
When @weekly
Exec file_cycle('%NXLOGFILE%', 5);
</Schedule>
</Extension>
<Extension syslog>
Module xm_syslog
</Extension>
<Extension json>
Module xm_json
</Extension>
# Listen to nxlog from other servers and forward to Logstash
<Input in_tcp>
Module im_tcp
Host 0.0.0.0
Port 5000
Exec create_stat("msgrate", "RATE", 60); add_stat("msgrate", 1);
<Schedule>
Every 60 sec
Exec log_info("throughput in_tcp " + get_stat("msgrate"));
</Schedule>
</Input>
# Read JSON files
<Input in_file_JSON>
Module im_file
File '%JSONDIR%\\*.json'
ReadFromLast True
SavePos True
Recursive True
</Input>
# Extract nxlog throughput metrics
<Extension metric>
Module xm_csv
Fields $date, $time, $loglevel, $tag, $instance, $epm
Delimiter ' '
QuoteChar '"'
EscapeControl FALSE
</Extension>
<Input in_metric>
Module im_file
File '%NXLOGFILE%'
ReadFromLast True
SavePos True
Recursive True
<Exec>
if $raw_event !~ /throughput (\w|-)* \d*$/ drop();
else {
metric->parse_csv();
$EventTime = $date + " " + $time;
$epm = integer($epm);
$type = "metric";
$hostname = lc(hostname());
delete($tag);
delete($loglevel);
delete($date);
delete($time);
delete($EventReceivedTime);
delete($SourceModuleName);
delete($SourceModuleType);
to_json();
}
</Exec>
</Input>
<Output out_logstash>
Module om_tcp
Host 192.168.0.10
Port 5000
OutputType LineBased
Exec create_stat("msgrate", "RATE", 60); add_stat("msgrate", 1);
<Schedule>
Every 60 sec
Exec log_info("throughput out_logstash " + get_stat("msgrate"));
</Schedule>
</Output>
<Route logstash>
Path in_tcp, in_file_JSON, in_metric => out_logstash
</Route>