Hi Folks,
I have a collector configured and the configuration is pushed using sidecar. It’s working fine for Windows security logs. I have added an additional input/output for collecting csv/text data.
The configuration seems to be pushed to the nxlog.conf file.
define ROOT C:\Program Files (x86)\nxlog
Module xm_gelf
Module xm_multiline
HeaderLine /^-./
<Processor 5aa2264e64058a5fecf46625-buffer>
Type Mem
Module pm_buffer
MaxSize 16384
<Processor 5b753b2664058a26d8d041a8-buffer>
Module pm_buffer
MaxSize 16384
Type Mem
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO
<Input 5b753b2664058a26d8d041a8>
Module im_file
File 'E:\JiraAccessLogs\accesslog.csv'
PollInterval 1
SavePos True
ReadFromLast True
Recursive True
RenameCheck True
Exec $FileName = file_name(); # Send file name with each message
InputType 5b753b2664058a26d8d041a8-multiline
<Input 5aa2264e64058a5fecf46625>
Module im_msvistalog
PollInterval 1
SavePos True
ReadFromLast True
Channel Security
Query
[System[(EventID=4625)]]
[System[(EventID=4740)]]
*[System[(EventID=4776)]]
<Output 5aa2264e64058a5fecf46624>
Module om_tcp
Host 192.168.10.18
Port 5044
OutputType GELF_TCP
Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
Exec $gl2_source_collector = '32ac2a23-8474-4c70-a6c2-3aed03246a07';
Exec $collector_node_id = 'Server1';
Exec $Hostname = hostname_fqdn();
<Output 5b75382764058a26d8d03e66>
Module om_tcp
Host 192.168.10.18
Port 5044
OutputType GELF_TCP
Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
Exec $gl2_source_collector = '32ac2a23-8474-4c70-a6c2-3aed03246a07';
Exec $collector_node_id = 'Server1';
Exec $Hostname = hostname_fqdn();
However, I don’t see any csv log data coming. I am wondering, do I need to remove the sidecar and only run nxlog and manually specify the csv functions?
https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#xm_csv
Or can I still use sidecar to manage the nxlog config and receive the csv/text data?
Appreciate your inputs on this.