NXLog
Overview
NXLog is an open source tool that can convert log data into JSON for easy searching and analysis.
NXLog can be configured to write to a new log file, or to send data directly to InsightOps.
Installation & Configuration
Download and install the latest version of NXLog, which you can find here. Install NXLog locally and set ROOT to the folder in which NXLog was installed; otherwise NXLog will not start.
Below is a sample configuration file. See the NXLog reference manual for additional configuration options.
Once installed, open the NXLog configuration file located at: C:\Program Files (x86)\nxlog\conf\nxlog.conf
and paste the following into the file, adjusting for your account as necessary:
```text
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

# Include fileop when rotating logs or while debugging, also enable in the output module below
#<Extension fileop>
# Module xm_fileop
#</Extension>

# Create the parse rule for IIS logs. You can copy these from the header of the IIS log file.
<Extension w3c>
    Module xm_csv
    Fields $date, $time, $s_ip, $cs_method, $cs_uri_stem, $cs_uri_query, $s_port, $cs_username, $c_ip, $cs_User_Agent, $cs_Referer, $sc_status, $sc_substatus, $sc_win32_status, $time_taken
    FieldTypes string, string, string, string, string, string, integer, string, string, string, string, integer, integer, integer, integer
    Delimiter ' '
</Extension>

<Extension json>
    Module xm_json
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

<Input internal>
    Module im_internal
    Exec $Message = to_json();
</Input>

<Input eventlog>
    # This is the Windows Event Log Section - for 2008 and above use im_msvistalog - for 2003 and earlier, use im_mseventlog
    #
    Module im_msvistalog
    # For windows 2003 and earlier use the following:
    # Module im_mseventlog

    # Prepend the JSON event with the log token if you're sending directly to InsightOps
    Exec $raw_event = "<LOG TOKEN GOES HERE>" + to_json();

    # If you're writing to a log file, then no need for the token
    # Exec $raw_event = to_json();

</Input>

<Output eventlog_out>
    # use this module to write to a text file that the agent can send in
    #Module om_file
    #file 'c:\test\eventlog.txt'
    #Rotate created files
    #<Schedule>
    #Every 1 hour
    #Exec file_cycle('c:\test\eventlog.txt', 2);
    #Exec eventlog_out->reopen();
    #</Schedule>

    # send log entries directly to InsightOps
    Module om_tcp
    Host ENDPOINT
    Port PORT
</Output>


<Route EventLog>
    Path eventlog => eventlog_out
</Route>
```
Set up Event Source
1. Log in to InsightOps.
2. Click the “Add Data” link in the top navigation.
3. Click “Quick add”.
4. Create a new log using the Token TCP option.
   - Make note of the token and endpoint that are displayed when the log is created.
Configure NXLog
Replace the nxlog.conf file with the sample above.
Replace the “
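A check to run on the edited nxlog.conf before restarting the service, as an added example that is not part of the original page or of NXLog: it flags the sample's placeholders that are still unreplaced and any Route that names an Input or Output instance that is not defined. The helper name `lint_nxlog_conf` is hypothetical, the embedded sample is constructed from the active lines of the configuration above, and routes are assumed to be single-hop (`input => output`) as in that sample.

```python
import re

# Constructed sample: active lines of the page's sample configuration,
# with its placeholders still unreplaced.
SAMPLE_CONF = r'''
<Input eventlog>
    Module im_msvistalog
    Exec $raw_event = "<LOG TOKEN GOES HERE>" + to_json();
</Input>
<Output eventlog_out>
    # Module om_file
    Module om_tcp
    Host ENDPOINT
    Port PORT
</Output>
<Route EventLog>
    Path eventlog => eventlog_out
</Route>
'''

CHECKS = [  # (pattern tested against each active line, finding text)
    (re.compile(r"<LOG TOKEN GOES HERE>"), "log token placeholder not replaced"),
    (re.compile(r"^Host\s+ENDPOINT$", re.I), "Host is still the ENDPOINT placeholder"),
    (re.compile(r"^Port\s+PORT$", re.I), "Port is still the PORT placeholder"),
]

def lint_nxlog_conf(text):
    """Hypothetical helper: return findings for a config based on the sample."""
    findings, inputs, outputs, paths = [], set(), set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are ignored
        findings += [msg for rx, msg in CHECKS if rx.search(line)]
        block = re.match(r"<(Input|Output)\s+(\w+)>", line, re.I)
        if block:
            (inputs if block.group(1).lower() == "input" else outputs).add(block.group(2))
        path = re.match(r"Path\s+(.+?)\s*=>\s*(.+)", line, re.I)
        if path:
            paths.append((path.group(1), path.group(2)))
    for src, dst in paths:  # assumption: single-hop routes, as in the sample
        findings += [f"Route input '{s.strip()}' is not defined"
                     for s in src.split(",") if s.strip() not in inputs]
        findings += [f"Route output '{d.strip()}' is not defined"
                     for d in dst.split(",") if d.strip() not in outputs]
    return findings

if __name__ == "__main__":
    print("\n".join(lint_nxlog_conf(SAMPLE_CONF)))
```

To check a real file, pass its contents to `lint_nxlog_conf` instead of `SAMPLE_CONF`; an empty list means no finding from these checks.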
Restart the NXLog service
Open the Services tool from the Start menu. Find nxlog in the list of services and then select Restart. This restarts NXLog so that it follows the new configuration.
Troubleshooting
If you find that NXLog is not sending data, information can be found in the NXLog log file at C:\Program Files (x86)\nxlog\data\nxlog.log