Hi, I am writing to you with a problem. For some time I’ve been trying to configure NXLog so that it parses the XML file that I get from the Kismet tool. I want Graylog to show me all the information about the Wi-Fi networks found. Based on guides on the Internet, I carried out the NXLog configuration. Here is the nxlog.conf file:
```
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally under
## /usr/share/doc/nxlog-ce/ and is also available online at
## http://nxlog.org/docs

########################################
# Global directives                    #
########################################
User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

########################################
# Modules                              #
########################################
<Extension _gelf>
    Module xm_gelf
</Extension>

<Extension multiline>
    Module xm_multiline
    HeaderLine /^<event>/
    # The slash inside a regular expression literal has to be escaped
    EndLine /^<\/event>/
</Extension>

<Extension xmlparser>
    Module xm_xml
</Extension>

<Extension json>
    Module xm_json
</Extension>

<Input in>
    Module im_file
    File "/root/Magisterka/wifiids/test.xml"
    SavePos FALSE
    ReadFromLast FALSE
    InputType multiline
    <Exec>
        # Discard everything that doesn't seem to be an xml event
        if $raw_event !~ /^<event>/ drop();
        # Parse the xml event
        parse_xml();
        # Rewrite some fields
        $EventTime = parsedate($timestamp);
        delete($timestamp);
        delete($EventReceivedTime);
        # Convert to JSON
        to_json();
    </Exec>
</Input>

<Output out>
    Module om_udp
    Host 192.168.75.138
    Port 12201
    OutputType GELF
</Output>

<Route 1>
    Path in => out
</Route>
```
Unfortunately, with this configuration an error message appears when you try to add an entry to Graylog and start it. Below is the configuration of the Graylog input.
I am using Graylog as a virtual machine; the system on which the XML file is located is installed on a separate virtual machine.
Virtual machine with Graylog IP: 192.168.75.138
Machine with an xml file IP: 192.168.75.139
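
An offline reproduction of the stages in the nxlog.conf above (multiline framing on `<event>` / `</event>`, XML field extraction, GELF message construction), as an added example that is not part of the original post. The `<event>` layout, the field names, the timestamp format (treated as UTC) and the `host` value are constructed assumptions, not Kismet's actual schema; running the real file through `frame_events` shows whether any record matches the HeaderLine pattern at all.

```python
import json
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample input; element names are assumptions, not Kismet's schema.
SAMPLE = """<events>
<event>
<timestamp>2019-03-02 10:15:00</timestamp>
<ssid>lab-ap</ssid>
<bssid>00:11:22:33:44:55</bssid>
</event>
stray line outside any event
<event>
<timestamp>2019-03-02 10:15:07</timestamp>
<ssid>guest</ssid>
</event>
</events>
"""

HEADER = re.compile(r"^<event>")   # same pattern as HeaderLine
END = re.compile(r"^</event>")     # same pattern as EndLine

def frame_events(text):
    """Approximate the framing: start at a HeaderLine match, end at an EndLine match."""
    records, current = [], None
    for line in text.splitlines():
        if HEADER.match(line):
            current = [line]
        elif current is not None:
            current.append(line)
            if END.match(line):
                records.append("\n".join(current))
                current = None
    return records  # lines outside an event are discarded, like the drop() check

def to_gelf(record, host="kismet-sensor"):
    """Flatten one <event> record into a GELF 1.1 message (host is a placeholder)."""
    fields = {child.tag: (child.text or "").strip() for child in ET.fromstring(record)}
    ts = datetime.strptime(fields.pop("timestamp"), "%Y-%m-%d %H:%M:%S")
    msg = {"version": "1.1", "host": host,
           "short_message": "wifi event " + fields.get("ssid", "?"),
           "timestamp": ts.replace(tzinfo=timezone.utc).timestamp()}
    msg.update({"_" + k: v for k, v in fields.items()})  # custom fields start with "_"
    return msg

if __name__ == "__main__":
    for rec in frame_events(SAMPLE):
        print(json.dumps(to_gelf(rec)))
```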

