...
- Edit the `define` directive at the beginning of the file to set `ROOT` to the path where you installed NXLog.
- In the `devo_relay` output module:
  - Enter the IP address of the Devo relay as the `Host`.
  - The port should be 13000 when you simply want the relay to forward the events to Devo.
- In the `ssl_devo` output module:
  - For the `Host`, replace the XX in the hostname with your Devo cloud region. For example, `us.elb.relay.logtrust.net`.
  - Edit the paths/filenames for `CAFile`, `CertFile`, and `CertKeyFile` to reference the locations of your Devo domain's certificate files.
```
## This is a sample configuration file. See the NXLog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/

## Please set the ROOT to the folder your NXLog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension json>
    Module xm_json
</Extension>

DateFormat YYYY-MM-DDThh:mm:ss.sUTC
GenerateDateInUTC TRUE

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input in>
    Module im_msvistalog
    ReadFromLast True
    Query <QueryList>\
            <Query Id="0">\
              <Select Path="Application">*</Select>\
              <Select Path="System">*</Select>\
              <Select Path="Security">*</Select>\
              <Select Path="Windows PowerShell">*</Select>\
            </Query>\
          </QueryList>
    Exec $UnixTime = integer($EventTime)/1000;
</Input>

# Plain TCP (no TLS) to the Devo relay.
<Output devo_relay>
    Module om_tcp
    Host RELAY_IP_ADDRESS
    Port 13000
    Exec $Message = to_json(); $SourceName="box.win_nxlog."+lc($Channel); delete($ProcessID); to_syslog_bsd();
</Output>

# TLS directly to the Devo cloud, authenticated with the domain certificate.
<Output ssl_devo>
    Module om_ssl
    Host XX.elb.relay.logtrust.net
    Port 443
    CAFile C:\Program Files (x86)\nxlog\cert\CHAIN.crt
    CertFile C:\Program Files (x86)\nxlog\cert\DOMAIN.crt
    CertKeyFile C:\Program Files (x86)\nxlog\cert\DOMAIN.key
    # KeyPass is the passphrase of CertKeyFile; replace the sample value.
    KeyPass secret
    # TRUE accepts an unknown or self-signed server certificate, so CAFile is
    # not enforced. Set FALSE (the NXLog default) to require verification.
    AllowUntrusted TRUE
    Exec $Message = to_json(); $SourceName="box.win_nxlog."+lc($Channel); delete($ProcessID); to_syslog_bsd();
</Output>

<Output file>
    Module om_file
    File 'C:\nxlog_events.log'
    Exec $Message = to_json(); $SourceName="box.win_nxlog."+lc($Channel); delete($ProcessID); to_syslog_bsd();
</Output>

# Only devo_relay is routed here; ssl_devo and file are defined but unused.
<Route 1>
    Path in => devo_relay
</Route>
```
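A static check for the settings in the sample configuration that should be reviewed before deployment. This is an added example, not part of the Devo or NXLog documentation; the `audit` function, its finding texts and the trimmed `SAMPLE` are constructed for illustration.

```python
import re
# Constructed sample: the page's Output and Route blocks, trimmed.
SAMPLE = r"""
<Output devo_relay>
    Module om_tcp
    Host RELAY_IP_ADDRESS
</Output>
<Output ssl_devo>
    Module om_ssl
    Host XX.elb.relay.logtrust.net
    KeyPass secret
    AllowUntrusted TRUE
</Output>
<Route 1>
    Path in => devo_relay
</Route>
"""

BLOCK = re.compile(r"<(Output|Route)\s+(\S+)>(.*?)</\1>", re.S | re.I)

def directives(body):
    """Map each directive name (lower-cased) to its value, skipping comments."""
    lines = (l.strip() for l in body.splitlines())
    pairs = (l.split(None, 1) for l in lines if l and not l.startswith("#"))
    return {p[0].lower(): (p[1] if len(p) > 1 else "") for p in pairs}

def audit(conf):
    outputs, routed, findings = {}, set(), []
    for kind, name, body in BLOCK.findall(conf):
        d = directives(body)
        if kind.lower() == "output":
            outputs[name] = d
        else:  # Route: the modules after the last '=>' are the outputs in use
            routed.update(re.split(r"[,\s]+", d.get("path", "").split("=>")[-1].strip()))
    for name, d in outputs.items():
        module, host = d.get("module", "").lower(), d.get("host", "")
        if name not in routed:
            findings.append((name, "defined but not used by any Route"))
        if module == "om_tcp":
            findings.append((name, "om_tcp: events leave this host unencrypted"))
        if module == "om_ssl" and d.get("allowuntrusted", "FALSE").upper() == "TRUE":
            findings.append((name, "AllowUntrusted TRUE: server certificate is not verified"))
        if host == "RELAY_IP_ADDRESS" or host.startswith("XX."):
            findings.append((name, "Host still holds the sample placeholder"))
        if d.get("keypass") == "secret":
            findings.append((name, "KeyPass still holds the sample value"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in audit(SAMPLE)))
```

Pass the contents of the deployed `nxlog.conf` to `audit` in place of `SAMPLE` to check a real installation.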
...