Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Help with NXLog config

https://support.nagios.com/forum/viewtopic.php?t=62057

Page 1 of 1

Help with NXLog config

Posted: Tue Mar 23, 2021 6:16 am
by btsmnagios
Please excuse the question if it sounds easy but I am very new to NXLOG and struggling with it.

I am able to get logs from my clients back to the servers, but the logs are not going back in the correct format, instead of going back as one entry the logs are going back as several entries and I can't work out how to get them back correctly I have supplied my nxlog config and an example of what I am trying to get back so anything that starts with {<DATE>; <TIME>} should be one entry back to the server, any help or pointing in the right direction would be great

Code: Select all

<Input Phonebook>
                Module im_file
                File         'E:\CallLogs\Phonebook\Phonebook.log'
                SavePos               False
                ReadFromLast   False
                Exec       $Message = $raw_event;
</Input>

Code: Select all

{16:03:21; 15:08:29.684} DEBUG [w I/O worker #5] [me.ProtocolMessagePackagerImpl]  New message #2
{16:03:21; 15:08:29.934} DEBUG [.defaultInvoker] [mons.broker.EventBrokerService]  Notifying 4 subscribers...
{16:03:21; 15:08:29.934} DEBUG [.defaultInvoker] [stom.status.CurrentAgentStatus]  Agent: Test_Agent Status: 4 : READY
{16:03:21; 15:08:29.934} DEBUG [w I/O worker #5] [commons.protocol.DuplexChannel]  Handling message: 'EventInfo' (2) attributes:
TM_LENGTH [int] = 0
REQ_ID [int] = 61787
VOID_VALUE [object] = ObjectValue: AgentStatus {
  AgentId = Test_Agent
  LoginId = 1234561
  Status = 4
  Time = 1615907309
  Place = PlaceStatus {
    PlaceId = GSEP_39172
    PlaceStatus = 4
    Time = 1615907309
    DnStatuses = DnStatusesCollection (size=1) [
      [0] DnStatus {
        DN Id = 39172
        SwitchId = HADN_SIPSw_05
        GSW DN TYPES = 1
        DN Status = 4
        Time = 1615907309
        Actions = DnActionCollection (size=0) [
        ]
      }
    ]
  }
}


USER_REQ_ID [int] = -1
TM_SERVER [int] = 1615907309
LONG_VALUE [int] = 0
{16:03:21; 15:08:29.934} DEBUG [w I/O worker #5] [commons.protocol.DuplexChannel]  Complete message handling: 2

Re: Help with NXLog config

Posted: Tue Mar 23, 2021 6:04 pm
by ssax
Please try this:

Code: Select all

<Extension multiline>
    Module xm_multiline
    HeaderLine /^\{\d\d:\d\d:\d\d;\ \d\d:\d\d:\d\d.\d+/
</Extension>

<Input Phonebook>
    Module im_file
    InputType	multiline
    File         'E:\CallLogs\Phonebook\Phonebook.log
    SavePos               False
    ReadFromLast   False
    Exec       $Message = $raw_event;
</Input>

Re: Help with NXLog config

Posted: Tue Mar 30, 2021 2:36 am
by btsmnagios
That worked a treat, thank you very much

So for my understanding the multiline is doing a regular expression search with HeaderLine /^\{\d\d:\d\d:\d\d;\ \d\d:\d\d:\d\d.\d+/"for the start of each log that matches "{16:03:21; 15:08:29." for example and treating the rest of the text the same log until it is getting to the next pattern match

I understand most of the regex but for the start and the end bits /^ and +/

Sorry if the question seems daft I find regex difficult

Re: Help with NXLog config

Posted: Tue Mar 30, 2021 2:43 pm
by vtrac
Hi,
The "^" match the start of a line or string.
The "+" match (one or more) is "greedy"

Example:
"\d+" will match "12345..." digits

Regards,
Vinh
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited