Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Split logs between two destinations

https://support.nagios.com/forum/viewtopic.php?t=59772

Page 1 of 1

Split logs between two destinations

Posted: Wed Aug 19, 2020 4:16 pm
by rferebee
Hello,

Is it possible to configure NXLog to send logs to two different destinations? One being Log Server and the other being a different log collector?

My management would like to analyze logs from specific hosts using a another companies log collection solution to ensure we don't have any security risks. From what I understand both solutions are utilizing the NXLog client.

Thank you.

Re: Split logs between two destinations

Posted: Thu Aug 20, 2020 9:22 am
by scottwilkerson
In the nxlog.conf you can add another output, for example, you would normally have something like this at the bottom

Code: Select all

<Output out>
    Module om_tcp
    Host xxx.xxx.xxx.xxx
    Port 3515
	
    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();
	
	# Uncomment for debug output
	# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>
 
<Route 1>
    Path internal, file1, eventlog => out
</Route>
To add a second destination you add another Output and add it to the route, like so

Code: Select all

<Output out>
    Module om_tcp
    Host xxx.xxx.xxx.xxx
    Port 3515
	
    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();
	
	# Uncomment for debug output
	# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>

<Output out2>
    Module om_tcp
    Host xxx.xxx.xxx.xxx
    Port 3515
	
    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();
	
</Output>
 
<Route 1>
    Path internal, file1, eventlog => out, out2
</Route>
Clearly if you aren't sending to another Nagios Log Server server you would want to change the Output for out2 to match what you are sending to.

Re: Split logs between two destinations

Posted: Thu Oct 01, 2020 10:25 am
by rferebee
This thread can be locked. Thank you.

Re: Split logs between two destinations

Posted: Thu Oct 01, 2020 10:54 am
by scottwilkerson
rferebee wrote:This thread can be locked. Thank you.
Great!

Locking thread
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited