Nxlog is multi platform log collector and forwarder,In windows we can use logstash forwarder or nxlog to collect and send the logs to logstash server. In this article we will see how to send the logs using nxlog. Download the nxlog from http://nxlog.co/products/nxlog-community-edition/download and install it in your machine. After installation go to nxlog installation folder under conf we can find a file called nxlog.conf. All the configuration of nxlog will be provided in this file.
We could see following default configurations in nexlog like loglocation,module location etc... In our example we are going to read one file and send those information to logstash. we need to do following configuration in configuration file.
First in the input section we need to include file module to read the files and also need to specify the location of the file in input section.Next output section we need to specify how are we going to send the files,here we mentioned over TCP we are going to transmit the message on particular port. This is the port where logstash is going to read the logs.Route tells how are we going to process the data. We are done with configuration. We can start nxlog either from running nxlog.exe or from the system services. Now lets look at the logstash configuration
Now we configured logstash receive the inputs from tcp port 3515 and pattern will be matched against the incoming messages and produce required output. Now start the logstash first we should not see any errors in startup then we need to start the nexlog. We can verify the status of the connection between nxlog and logstash through log file. This log file available in \nxlog\data\nxlog.log and we should see the message like below if its started properly.
That's all.
We could see following default configurations in nexlog like loglocation,module location etc... In our example we are going to read one file and send those information to logstash. we need to do following configuration in configuration file.
<Input in> Module im_file File "C:\\Application.log" SavePos TRUE </Input> <Output out> Module om_tcp Host 127.0.0.1 Port 3515 </Output> <Route 1> Path in => out </Route>
First in the input section we need to include file module to read the files and also need to specify the location of the file in input section.Next output section we need to specify how are we going to send the files,here we mentioned over TCP we are going to transmit the message on particular port. This is the port where logstash is going to read the logs.Route tells how are we going to process the data. We are done with configuration. We can start nxlog either from running nxlog.exe or from the system services. Now lets look at the logstash configuration
input {
tcp {
port => 3515
type => "nxlogs"
}
}
filter {
grok{
match => ["message", "\[%{WORD:component}\] %{TIMESTAMP_ISO8601:timestamp} %{WORD:timeZone} %{NUMBER:responseCode}%{SPACE}ERROR%{SPACE}\[%{NOTSPACE:comp}\]%{SPACE}\[%{NOTSPACE:process}\]%{GREEDYDATA:errorMsg}"]
}
}
output {
stdout { codec => rubydebug }
}
Now we configured logstash receive the inputs from tcp port 3515 and pattern will be matched against the incoming messages and produce required output. Now start the logstash first we should not see any errors in startup then we need to start the nexlog. We can verify the status of the connection between nxlog and logstash through log file. This log file available in \nxlog\data\nxlog.log and we should see the message like below if its started properly.
2015-08-14 12:21:09 INFO connecting to 127.0.0.1:3515 2015-08-14 12:21:09 INFO nxlog-ce-2.8.1248 started