My nxlog.conf file for the lab
///////////////////////////////////////////////////////////////
Panic Soft
#NoFreeOnExit TRUE
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
<Extension _gelf>
Module xm_gelf
</Extension>
<Input from_eventlog>
Module im_msvistalog
ReadFromLast FALSE
SavePos TRUE
</Input>
<Output out>
Module om_udp
Host 192.168.1.2
Port 12201
#Exec to_syslog_snare();
OutputType GELF
</Output>
<Route 1>
Path from_eventlog => out
</Route>
<Extension _fileop>
Module xm_fileop
# Check the size of our log file hourly, rotate if larger than 5MB
<Schedule>
Every 1 hour
Exec if (file_exists('%LOGFILE%') and \
(file_size('%LOGFILE%') >= 5M)) \
file_cycle('%LOGFILE%', 8);
</Schedule>
# Rotate our log file every week on Sunday at midnight
<Schedule>
When @weekly
Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
</Schedule>
</Extension>
No comments:
Post a Comment