WTMP (xm_wtmp)
This module provides a parser function to process binary wtmp files. The module registers a parser function using the name of the extension module instance. This parser can be used as a parameter for the InputType directive in input modules such as im_file.
To examine the supported platforms, see the list of installation packages.
Configuration
The xm_wtmp module accepts only the common module directives.
Examples
Example 1. WTMP to JSON format conversion
The following configuration accepts WTMP and converts it to JSON.
nxlog.conf
<Extension wtmp>
    Module      xm_wtmp
</Extension>

<Extension json>
    Module      xm_json
</Extension>

<Input in>
    Module      im_file
    File        '/var/log/wtmp'
    InputType   wtmp
    Exec        to_json();
</Input>

<Output out>
    Module      om_file
    File        '/var/log/wtmp.txt'
</Output>

<Route processwtmp>
    Path        in => out
</Route>
Output Sample
{
    "EventTime":"2013-10-01 09:39:59",
    "AccountName":"root",
    "Device":"pts/1",
    "LoginType":"login",
    "EventReceivedTime":"2013-10-10 15:40:20",
    "SourceModuleName":"input",
    "SourceModuleType":"im_file"
}
{
    "EventTime":"2013-10-01 23:23:38",
    "AccountName":"shutdown",
    "Device":"no device",
    "LoginType":"shutdown",
    "EventReceivedTime":"2013-10-11 10:58:00",
    "SourceModuleName":"input",
    "SourceModuleType":"im_file"
}
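To show what a binary wtmp parser has to decode, the following added example (not NXLog code and not part of the original documentation) unpacks wtmp records in Python. It assumes the 384-byte glibc `struct utmp` layout used on x86-64 Linux; the `Host`, `Pid` and `Type` fields, the helper names and the sample bytes are constructed for illustration, and `Type` uses the `<utmp.h>` constant names rather than NXLog's LoginType values.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: glibc `struct utmp` on x86-64 Linux, 384 bytes, little-endian.
# Fields: type, pid, line[32], id[4], user[32], host[256], exit (2 shorts),
# session, tv_sec, tv_usec, addr_v6 (16 bytes), unused (20 bytes).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20s")

# ut_type names as defined in <utmp.h> (not NXLog's LoginType strings).
UT_TYPES = {0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 3: "NEW_TIME",
            4: "OLD_TIME", 5: "INIT_PROCESS", 6: "LOGIN_PROCESS",
            7: "USER_PROCESS", 8: "DEAD_PROCESS", 9: "ACCOUNTING"}

def _text(raw):
    """Decode a NUL-padded fixed-width char field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Return (records, trailing): decoded records and leftover byte count."""
    usable = len(data) - len(data) % UTMP.size  # ignore a partial last record
    records = []
    for f in UTMP.iter_unpack(data[:usable]):
        ut_type, pid, line, _id, user, host, _t, _e, _s, sec, _us, _a, _p = f
        when = datetime.fromtimestamp(sec, timezone.utc)  # rendered in UTC here
        records.append({
            "EventTime": when.strftime("%Y-%m-%d %H:%M:%S"),
            "AccountName": _text(user),
            "Device": _text(line),
            "Host": _text(host),
            "Pid": pid,
            "Type": UT_TYPES.get(ut_type, f"UNKNOWN({ut_type})"),
        })
    return records, len(data) - usable

def pack_record(ut_type, pid, line, user, host, sec):
    """Build one constructed sample record (test data, not a real log)."""
    return UTMP.pack(ut_type, pid, line, b"", user, host, 0, 0, 0, sec, 0, b"", b"")

# Constructed sample: a user login, a run-level record, and a truncated tail.
SAMPLE = (pack_record(7, 4242, b"pts/1", b"root", b"192.0.2.10", 1380620399)
          + pack_record(1, 0, b"~", b"shutdown", b"", 1380669818)
          + b"\0" * 100)

if __name__ == "__main__":
    recs, trailing = parse_wtmp(SAMPLE)
    print(recs, "trailing bytes:", trailing)
```

A non-zero trailing byte count means the file ended mid-record, for example because it was read while a record was still being written.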