Commit 3a3fd9ad authored by NXLog CI User

New Config Samples

parent de7006bc
<Input nginx_access>
Module im_uds
UDS /var/log/nginx/access.sock
<Exec>
parse_syslog();
if $Message =~ /(?x)^(\S+)\ \S+\ (\S+)\ \[([^\]]+)\]\ \"(\S+)\ (.+)
\ HTTP\/\d\.\d\"\ (\S+)\ (\S+)\ \"([^\"]+)\"
\ \"([^\"]+)\"/
{
$Hostname = $1;
if $2 != '-' $AccountName = $2;
$EventTime = parsedate($3);
$HTTPMethod = $4;
$HTTPURL = $5;
$HTTPResponseStatus = $6;
if $7 != '-' $FileSize = $7;
if $8 != '-' $HTTPReferer = $8;
if $9 != '-' $HTTPUserAgent = $9;
delete($Message);
}
</Exec>
</Input>
\ No newline at end of file
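Review bot: A line that does not match the access-log pattern leaves this `<Exec>` block with no fields set and nothing to mark it as unparsed, because the `if $Message =~ …` has no `else` branch. As written, the pattern needs a method, a URL and an `HTTP/x.y` token inside the request quotes, and `\"([^\"]+)\"` needs a non-empty referer and user agent, so malformed requests and entries with an empty `""` field fall through; those are often the records a detection pipeline most wants to count. Adding `else $ParseFailed = TRUE;` after the closing brace (the field name is only a suggestion) would let a downstream route filter or alert on them. The im_udp `nginx_access` sample uses the same pattern and has the same gap.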
<Input nginx_access>
Module im_udp
Host 0.0.0.0
Port 514
<Exec>
parse_syslog();
if $Message =~ /(?x)^(\S+)\ \S+\ (\S+)\ \[([^\]]+)\]\ \"(\S+)\ (.+)
\ HTTP\/\d\.\d\"\ (\S+)\ (\S+)\ \"([^\"]+)\"
\ \"([^\"]+)\"/
{
$Hostname = $1;
if $2 != '-' $AccountName = $2;
$EventTime = parsedate($3);
$HTTPMethod = $4;
$HTTPURL = $5;
$HTTPResponseStatus = $6;
if $7 != '-' $FileSize = $7;
if $8 != '-' $HTTPReferer = $8;
if $9 != '-' $HTTPUserAgent = $9;
delete($Message);
}
</Exec>
</Input>
\ No newline at end of file
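Review bot: `Host 0.0.0.0` with `im_udp` on port 514 accepts datagrams from any host that can reach the machine, and UDP syslog has no sender authentication, so any such host can inject events that this block parses into `$Hostname`, `$AccountName` and the other fields. If the sample is meant for an nginx instance on the same machine, `Host 127.0.0.1` would be the safer default; otherwise a comment above `Host` should say that the port is expected to be restricted to the nginx hosts by a firewall. The im_udp `nginx_error` sample has the same `Host`/`Port` pair, which also means the two samples would presumably conflict on the bind if someone loaded both into one configuration.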
<Input nginx_error>
Module im_udp
Host 0.0.0.0
Port 514
<Exec>
parse_syslog();
if $Message =~ /^\S+ \S+ \[\S+\] (\d+)\#(\d+): (\*(\d+) )?(.+)$/
{
$NginxPID = $1;
$NginxTID = $2;
if $4 != '' $NginxCID = $4;
$Message = $5;
}
</Exec>
</Input>
\ No newline at end of file
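Review bot: The nginx log level inside the brackets is matched by `\[\S+\]` but not captured, while the im_file `nginx_error` sample captures it as `$NginxLogLevel`, so events from the syslog variants lack that field. If the intent is to rely on the severity that `parse_syslog()` already sets, a comment such as `# log level is taken from the syslog severity` above the `if` would make that explicit. Otherwise the group should become `\[(\S+)\]` with `$NginxLogLevel = $1;` and the later capture numbers shifted by one. The im_uds `nginx_error` sample has the same pattern.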
<Input nginx_error>
Module im_uds
UDS /var/log/nginx/error.sock
<Exec>
parse_syslog();
if $Message =~ /^\S+ \S+ \[\S+\] (\d+)\#(\d+): (\*(\d+) )?(.+)$/
{
$NginxPID = $1;
$NginxTID = $2;
if $4 != '' $NginxCID = $4;
$Message = $5;
}
</Exec>
</Input>
\ No newline at end of file
<Input nginx_error>
Module im_file
File '/var/log/nginx/error.log'
<Exec>
if $raw_event =~ /^(\S+ \S+) \[(\S+)\] (\d+)\#(\d+): (\*(\d+) )?(.+)$/
{
$EventTime = strptime($1, '%Y/%m/%d %H:%M:%S');
$NginxLogLevel = $2;
$NginxPID = $3;
$NginxTID = $4;
if $6 != '' $NginxCID = $6;
$Message = $7;
}
</Exec>
</Input>
\ No newline at end of file
<Input tcp>
Module im_tcp
Port 1234
Host 0.0.0.0
</Input>
<Output odbc>
Module om_odbc
ConnectionString DSN=mysql_ds;username=mysql;password=mysql;database=logdb;
<Exec>
if ( sql_exec("INSERT INTO log (facility, severity, hostname, timestamp, " +
"application, message) VALUES (?, ?, ?, ?, ?, ?)",
1, 2, "host", now(), "app", $raw_event) == TRUE )
{
if ( sql_fetch("SELECT max(id) as id from log") == TRUE )
{
log_info("ID: " + $id);
if ( sql_fetch("SELECT message from log WHERE id=?", $id) == TRUE )
{
log_info($message);
}
}
}
</Exec>
</Output>
<Route tcp_to_odbc>
Path tcp => odbc
</Route>
\ No newline at end of file
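Review bot: The `ConnectionString` carries `username=mysql;password=mysql` inline, and sample files tend to be copied as they stand; a placeholder such as `password=<CHANGE_ME>` plus a comment that the file should be readable only by the account nxlog runs as would be safer. The `im_tcp` listener on `Host 0.0.0.0` feeds every received line into the INSERT with no TLS or sender restriction; the values are bound through `?` placeholders, so this is an exposure concern rather than SQL injection. Separately, `SELECT max(id) as id from log` can return another writer's row once more than one connection inserts concurrently, so the follow-up `log_info($message)` may print a different event. The MSSQL sample that follows has the same inline credentials in `UID=test; PWD=testpass`.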
<Input tcp>
Module im_tcp
Port 1234
Host 0.0.0.0
</Input>
<Output odbc>
<Output mssql>
Module om_odbc
ConnectionString DSN=mysql_ds;username=mysql;password=mysql;database=logdb;
<Exec>
if ( sql_exec("INSERT INTO log (facility, severity, hostname, timestamp, " +
"application, message) VALUES (?, ?, ?, ?, ?, ?)",
1, 2, "host", now(), "app", $raw_event) == TRUE )
{
if ( sql_fetch("SELECT max(id) as id from log") == TRUE )
{
log_info("ID: " + $id);
if ( sql_fetch("SELECT message from log WHERE id=?", $id) == TRUE )
{
log_info($message);
}
}
}
</Exec>
</Output>
<Route tcp_to_odbc>
Path tcp => odbc
</Route>
\ No newline at end of file
ConnectionString Driver={ODBC Driver 13 for SQL Server}; Server=MSSQL-HOST; \
UID=test; PWD=testpass; Database=TESTDB
SQL "INSERT INTO dbo.test1 (timestamp, message) VALUES (?,?)", \
$EventTime, $Message
</Output>
\ No newline at end of file