NXLog Docs

Box

This add-on is available for purchase. For more information, please contact us.

The Box platform provides content management and file sharing services.

The Box add-on can be used to collect logs from Box using their REST API. Events will be passed to NXLog in Syslog format with the JSON event in the message field.

To set up the add-on, follow these steps.

  1. Copy the box-pull.pl script to a location that is accessible by NXLog.

  2. Edit the configuration entries in the script as necessary, or use arguments to pass configuration to the script as shown in the example below.

  3. Configure NXLog to collect events with the im_exec module.

The script saves the current timestamp to a state file in order to properly resume when it is terminated. If the state file does not exist, the script will collect logs beginning with the current time. To manually specify a starting timestamp (in milliseconds since the epoch), pass it as an argument: ./box-pull.pl --stream_position=1440492435762.

Example 1. Collecting logs from Box

This configuration uses the im_exec module to run the script, which connects to Box and returns Syslog-encapsulated JSON. The xm_syslog parse_syslog() and xm_json parse_json() procedures are used to parse each event into internal NXLog fields. Additional modification to the fieldset can be added, as required, in the Input instance Exec block.

For demonstration purposes, all internal fields are then converted back to JSON and written to file.

nxlog.conf
<Extension _json>
    Module  xm_json
</Extension>

<Extension _syslog>
    Module  xm_syslog
</Extension>

<Input box>
    Module  im_exec
    Command /opt/nxlog/lib/nxlog/box-pull.pl
    Arg     --client_id=YEKigehUh0u4pXeKSgKzwTbfii2stCwU
    Arg     --client_secret=3VRiqMuPDuUYeTXA5Ds9R0B4TnL35WRy
    Arg     --enterprise_id=591376
    Arg     --oauthurl=https://api.box.com/oauth2/token
    Arg     --certkeyfile=privkey.pem
    Arg     --baseurl=https://api.box.com/2.0
    Arg     --pollinterval=5
    Arg     --statefile=/opt/nxlog/var/lib/nxlog/box-pull.dat
    Arg     --syslogpri=(13)
    <Exec>
        parse_syslog();
        parse_json($Message);
    </Exec>
</Input>

<Output file>
    Module  om_file
    File    '/tmp/output'
    Exec    to_json();
</Output>