Split logs between two destinations

[rferebee]

Hello,

Is it possible to configure NXLog to send logs to two different destinations? One being Log Server and the other being a different log collector?

My management would like to analyze logs from specific hosts using a another companies log collection solution to ensure we don't have any security risks. From what I understand both solutions are utilizing the NXLog client.

Thank you.

[scottwilkerson]

In the nxlog.conf you can add another output, for example, you would normally have something like this at the bottom

Code: Select all

<Output out>
    Module om_tcp
    Host xxx.xxx.xxx.xxx
    Port 3515
	
    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();
	
	# Uncomment for debug output
	# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>
 
<Route 1>
    Path internal, file1, eventlog => out
</Route>

To add a second destination you add another Output and add it to the route, like so

Code: Select all

<Output out>
    Module om_tcp
    Host xxx.xxx.xxx.xxx
    Port 3515
	
    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();
	
	# Uncomment for debug output
	# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>

<Output out2>
    Module om_tcp
    Host xxx.xxx.xxx.xxx
    Port 3515
	
    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();
	
</Output>
 
<Route 1>
    Path internal, file1, eventlog => out, out2
</Route>

Clearly if you aren't sending to another Nagios Log Server server you would want to change the Output for out2 to match what you are sending to.

[rferebee]

This thread can be locked. Thank you.

[scottwilkerson]

This thread can be locked. Thank you.

Great!

Locking thread