nxlog(8)

NAME

nxlog - collects, processes, converts, and forwards event logs in many different formats

SYNOPSIS

nxlog [-c conffile] [-f]

nxlog [-c conffile] -v

nxlog [-r | -s]

DESCRIPTION

NXLog Agent can process high volumes of event logs from many different sources. Supported types of log processing include rewriting, correlating, alerting, filtering, and pattern matching. Additional features include scheduling, log file rotation, buffering, and prioritized processing. After processing, NXLog Agent can store or forward event logs in many supported formats. Inputs, outputs, and processing are implemented with a modular architecture and a powerful configuration language.

While the details provided here apply to NXLog Agent installations on Linux and other UNIX-style operating systems in particular, a few Windows-specific notes are included.

OPTIONS

-c conffile, --conf conffile

Specify an alternate configuration file conffile. To change the configuration file used by the NXLog Agent service on Windows, modify the service parameters.

-f, --foreground

Run in the foreground; do not daemonize.

-q, --quiet

Suppress output to STDOUT/STDERR.

-h, --help

Print help.

-r, --reload

Reload configuration of a running instance.

-s, --stop

Send stop signal to a running instance.

-v, --verify

Verify configuration file syntax.
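
The -v and -r options can be combined so that a configuration with syntax errors is never handed to a running instance, which avoids a gap in log collection after a bad edit. The following is an added example, not part of the NXLog documentation; the function name nxlog_safe_reload and the variables NXLOG_BIN and NXLOG_CONF are hypothetical, and it assumes that "nxlog -v" and "nxlog -r" exit non-zero on failure.

```shell
#!/bin/sh
# Added example: verify the configuration before asking the agent to reload.
# Default paths are the ones listed under FILES. NXLOG_BIN and NXLOG_CONF are
# hypothetical override variables introduced for this example.
# Assumption: "nxlog -v" exits non-zero when the configuration is invalid.

NXLOG_BIN="${NXLOG_BIN:-/opt/nxlog/bin/nxlog}"
NXLOG_CONF="${NXLOG_CONF:-/opt/nxlog/etc/nxlog.conf}"

# Return codes:
#   0  configuration verified and reload requested
#   2  configuration file missing or unreadable
#   3  verification failed, running instance left untouched
#   4  verification passed but the reload request failed
nxlog_safe_reload() {
    conf="${1:-$NXLOG_CONF}"

    if [ ! -r "$conf" ]; then
        echo "nxlog_safe_reload: cannot read $conf" >&2
        return 2
    fi

    # Step 1: syntax check only (-v); nothing is sent to the running instance.
    if ! "$NXLOG_BIN" -c "$conf" -v; then
        echo "nxlog_safe_reload: $conf failed verification, not reloading" >&2
        return 3
    fi

    # Step 2: ask the running instance to reload its configuration (-r).
    if ! "$NXLOG_BIN" -r; then
        echo "nxlog_safe_reload: reload request failed" >&2
        return 4
    fi

    return 0
}
```

Call it as nxlog_safe_reload /path/to/nxlog.conf from a deployment script after a new configuration has been written, and treat return codes 3 and 4 as a failed rollout.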

SIGNALS

Various signals can be used to control the NXLog Agent process. Some corresponding Windows control codes are also available; these are shown in parentheses where applicable.

SIGHUP

This signal causes NXLog Agent to reload the configuration and restart the modules. On Windows, "sc stop nxlog" and "sc start nxlog" can be used instead.

SIGUSR1 (200)

This signal generates an internal log message with information about the current state of NXLog Agent and its configured module instances. The message will be generated with INFO log level, written to the log file (if configured with LogFile), and available via the im_internal module.

SIGUSR2 (201)

This signal causes NXLog Agent to switch to the DEBUG log level. This is equivalent to setting the LogLevel directive to DEBUG but does not require NXLog Agent to be restarted.

SIGINT/SIGQUIT/SIGTERM

NXLog Agent will exit if it receives one of these signals. On Windows, "sc stop nxlog" can be used instead.

On Linux/UNIX, a signal can be sent with the kill command. The following, for example, sends the SIGUSR1 signal:

kill -SIGUSR1 $(cat /opt/nxlog/var/run/nxlog/nxlog.pid)

On Windows, a control code can be sent with the sc command. The following, for example, sends control code 200:

sc control nxlog 200

FILES

/opt/nxlog/bin/nxlog

The main NXLog Agent executable.

/opt/nxlog/bin/nxlog-stmnt-verifier

This tool can be used to check NXLog language statements. All statements are read from standard input and then validated. If a statement is invalid, the tool prints an error to standard error and exits non-zero.

/opt/nxlog/etc/nxlog.conf

The default configuration file.

/opt/nxlog/lib/nxlog/modules

The NXLog Agent modules are located in this directory by default. See the ModuleDir directive.

/opt/nxlog/spool/nxlog

If PersistLogqueue is set to TRUE, module queues are stored in this directory. See also LogqueueDir and SyncLogqueue.

/opt/nxlog/spool/nxlog/configcache.dat

This is the position cache file where positions are saved. See the NoCache directive, in addition to CacheDir, CacheFlushInterval, and CacheSync.

/opt/nxlog/var/run/nxlog/nxlog.pid

The process ID (PID) of the currently running NXLog Agent process is written to this file. See the PidFile directive.

ENVIRONMENT

To access environment variables in the NXLog Agent configuration, use the envvar directive.

Copyright © NXLog Ltd. 2024

A commercial license is required to use NXLog Agent. Visit the NXLog website for more information.