File Lists (xm_filelist)
The xm_filelist module can be used to implement file-based allow and block lists. This extension module accepts one or more files containing a list of values, one per line. It provides two functions, contains() and matches(), that can be invoked to check whether a string argument, such as a username or IP address, is present in the files. The specified files are cached in memory, and any modifications are loaded automatically without the need to restart NXLog Agent.
To examine the supported platforms, see the list of installation packages.
Configuration
The xm_filelist module accepts the following directives in addition to the common module directives. The File directive is required.
Examples
The following configuration loads a list of whitelisted hostnames using the xm_filelist module.
The input instance processes Syslog messages and uses the matches function to check if the $Hostname
field is found in the loaded list.
If it is, the record is discarded using the drop procedure.
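# parse_syslog() is provided by the xm_syslog extension, so it must be loaded
<Extension _syslog>
    Module  xm_syslog
</Extension>

# The file holds one whitelisted hostname per line
<Extension hosts_list>
    Module  xm_filelist
    File    /path/to/hosts/whitelist
</Extension>

<Input in>
    Module  im_file
    File    '/path/to/log/file'
    Exec    parse_syslog();
    # Case-insensitive lookup; records from listed hosts are discarded
    Exec    if hosts_list->matches($Hostname, TRUE) drop();
</Input>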
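
The following configuration is an added example, not part of the NXLog documentation. It combines a block list with an allow list and checks the block list first, so an allow-list entry can never suppress records from a flagged host. The instance names allow_hosts and block_hosts, the $Watchlisted field, and all paths are assumptions chosen for illustration.

```conf
<Extension _syslog>
    Module  xm_syslog
</Extension>

<Extension _json>
    Module  xm_json
</Extension>

# Each list file holds one hostname per line (placeholder paths)
<Extension allow_hosts>
    Module  xm_filelist
    File    /path/to/hosts/allowlist
</Extension>

<Extension block_hosts>
    Module  xm_filelist
    File    /path/to/hosts/blocklist
</Extension>

<Input in>
    Module  im_file
    File    '/path/to/log/file'
    <Exec>
        parse_syslog();
        # Block list takes precedence: tag the record and keep it
        if block_hosts->matches($Hostname, TRUE)
        {
            $Watchlisted = TRUE;   # hypothetical field name
        }
        # Only hosts absent from the block list can be dropped
        else if allow_hosts->matches($Hostname, TRUE)
        {
            drop();
        }
    </Exec>
</Input>

<Output out>
    Module  om_file
    File    '/path/to/output/file'
    # Serialize all fields so the $Watchlisted tag reaches the output
    Exec    to_json();
</Output>

<Route r>
    Path    in => out
</Route>
```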