NXLog configuration (conf) file for collecting Windows logs

Posted by 玩电脑的辣条哥

Foreword: this article was compiled by the editors of 小常识网 (cha138.com). It covers the NXLog configuration file for collecting Windows logs and is offered as a reference.

Device: Windows 10 Professional

Configuration file contents:

# This is a sample configuration file. See the nxlog reference manual about the
# configuration options. It should be installed locally and is also available
# online at http://nxlog.org/docs/

# Please set the ROOT to the folder your nxlog was installed into,
# otherwise it will not start.

#define ROOT C:\\Program Files\\nxlog
# Installation path of this program
define ROOT D:\\Program Files (x86)\\nxlog

Moduledir %ROOT%\\modules
CacheDir %ROOT%\\data
Pidfile %ROOT%\\data\\nxlog.pid
SpoolDir %ROOT%\\data
LogFile %ROOT%\\data\\nxlog.log

# The <Extension>, <Input>, <Output> and <Route> tags are missing from the page.
# The input and output names below come from the Path line; the Extension and
# Route instance names are assumed.
<Extension syslog>
    Module xm_syslog
</Extension>

<Extension charconv>
    Module xm_charconv
    AutodetectCharsets gbk, utf-8, euc-jp, utf-16, utf-32, iso8859-2
</Extension>

<Extension json>
    Module xm_json
</Extension>

#define LOGFILE C:\\Program Files (x86)\\nxlog\\data\\nxlog.log
#<Extension fileop>
#Module xm_fileop
# Check the size of our log file every hour and rotate if it is larger than 1Mb
#<Schedule>
#Every 1 hour
#Exec if (file_size('%LOGFILE%') >= 1M) file_cycle('%LOGFILE%', 2);
#</Schedule>
# Rotate our log file every week on sunday at midnight
#<Schedule>
#When @weekly
#Exec file_cycle('%LOGFILE%', 2);
#</Schedule>
#</Extension>

<Input eventlog>
    Module im_msvistalog
    ReadFromLast TRUE
    # Only "* * *" survives on the page at this point (presumably the wildcards
    # of a stripped Query block); the channel selection is not recoverable.
    Exec $raw_event = "0|EventlogType=" + $Channel \
        + "|DetectTime=" + $EventTime \
        + "|EventSource=" + $SourceName \
        + "|EventID=" + $EventID \
        + "|EventType=" + $EventType \
        + "|EventCategory=" + $Task \
        + "|User=" + $AccountName \
        + "|ComputerName=" + $Hostname \
        + "|Description=" + $Message;
    # Exec log_info("raw event is: " + $raw_event);
</Input>

<Input in2>
    Module im_file
    File 'D:\\\\Program Files (x86)TEXT.LOG'
    Exec convert_fields("AUTO", "utf-8");
    SavePos TRUE
    #ReadFromLast TRUE
    #Exec $raw_event = 'DbAppSOCAgent get log from "abc" ' + $raw_event;
    #Exec log_info("raw event 2 is: " + $raw_event);
</Input>

#<Input in3>
#Module im_file
#File 'C:\\Program Files\\Microsoft SQL Server\\110\\Setup Bootstrap\\Log\\20151217_130836\\*.log'
#SavePos TRUE
#ReadFromLast TRUE
#Exec $raw_event = 'DbAppSOCAgent get log from "sqlserver" ' + $raw_event;
#Exec log_info("raw event 3 is: " + $raw_event);
#</Input>

<Output out>
    Module om_udp
    # Address of the log platform server
    Host 192.168.1.142
    Port 514
</Output>

<Route 1>
    # Path eventlog,in2,in3 => out
    Path eventlog,in2 => out
</Route>
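An added example (not part of the original post and not NXLog code): a receiver-side Python parser for the pipe-delimited `$raw_event` string that the `eventlog` input builds and `om_udp` sends. It assumes each UDP datagram carries exactly that string; `parse_event`, the `ambiguous` flag and the sample payloads are constructed for illustration.

```python
import re
from typing import Optional

# Field order exactly as the Exec line in the config builds $raw_event.
HEADER_FIELDS = ["EventlogType", "DetectTime", "EventSource", "EventID",
                 "EventType", "EventCategory", "User", "ComputerName"]

# Header fields are matched non-greedily up to the next expected key, in order.
# Description is last and takes the rest of the datagram, so "|", "=" and
# line breaks inside $Message are kept instead of being split into fields.
_PATTERN = re.compile(
    r"0\|"
    + "".join(rf"{name}=(?P<{name}>.*?)\|" for name in HEADER_FIELDS)
    + r"Description=(?P<Description>.*)\Z",
    re.DOTALL,
)


def parse_event(datagram: bytes) -> Optional[dict]:
    """Parse one UDP payload; return None if it does not follow the format."""
    match = _PATTERN.match(datagram.decode("utf-8", errors="replace"))
    if match is None:
        return None
    # NXLog concatenates an undefined field as an empty string (e.g. "User=").
    event = {k: (v or None) for k, v in match.groupdict().items()}
    if event["EventID"] and event["EventID"].isdigit():
        event["EventID"] = int(event["EventID"])
    # The format has no escaping: a "|" inside a header value (for example in
    # an account name) makes the field boundaries ambiguous, so flag it.
    event["ambiguous"] = any("|" in (match.group(n) or "") for n in HEADER_FIELDS)
    return event


# Constructed sample payloads (not taken from the page).
SAMPLE = (b"0|EventlogType=Security|DetectTime=2024-01-01 12:00:00"
          b"|EventSource=Microsoft-Windows-Security-Auditing|EventID=4625"
          b"|EventType=AUDIT_FAILURE|EventCategory=12544|User=|ComputerName=WS01"
          b"|Description=An account failed to log on.\r\n\tReason: a|b EventID=1")
SHIFTED = SAMPLE.replace(b"User=", b"User=x|ComputerName=y")

if __name__ == "__main__":
    for payload in (SAMPLE, SHIFTED, b"not an event"):
        print(parse_event(payload))
```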
