File Lists (xm_filelist)
The xm_filelist module can be used to implement file-based allow and block lists. This extension module accepts one or more files, each containing a list of values separated by newlines. It provides two functions, contains() and matches(), that can be invoked to check whether a string argument, such as a username or IP address, is present in the files. The specified files are cached in memory, and any modifications are loaded automatically without the need to restart NXLog Agent.
Configuration
The xm_filelist module accepts the following directives in addition to the common module directives. The File directive is required.
Examples
The following configuration loads a list of hostnames using the xm_filelist module.
The input instance processes syslog messages and uses the matches function to check if the $Hostname field is found in the loaded list. If it is, the record is discarded using the drop procedure.
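# parse_syslog() is provided by the xm_syslog extension, so it must be loaded.
<Extension syslog>
    Module    xm_syslog
</Extension>

# List of hostnames, one value per line.
<Extension hosts_list>
    Module    xm_filelist
    File      /path/to/hosts/whitelist
</Extension>

<Input in>
    Module    im_file
    File      '/path/to/log/file'
    Exec      parse_syslog();
    # Discard the record if $Hostname is found in the loaded list.
    Exec      if hosts_list->matches($Hostname, TRUE) drop();
</Input>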
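Because list changes are loaded automatically and a match in the configuration above drops the record, the list file itself decides which hosts stop being logged. The following is an added example, not part of the NXLog documentation or tooling, that audits such a file before it is deployed; the names audit_filelist and audit_sample and the plain-hostname rule are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Assumption: every entry is a plain hostname (RFC 1123 labels), one per line.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){LABEL}(?:\.{LABEL})*$")

def audit_filelist(path):
    """Return (line_number, problem) findings; line 0 is the file itself."""
    findings = []
    # Whoever can write this file decides which hosts' records get dropped.
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((0, "file is group- or world-writable"))
    seen = {}
    with open(path, encoding="utf-8") as fh:
        for num, raw in enumerate(fh, start=1):
            line = raw.rstrip("\n")
            entry = line.strip()
            if not entry:
                findings.append((num, "blank line"))
                continue
            if line != entry:
                findings.append((num, "leading or trailing whitespace"))
            if not HOSTNAME_RE.match(entry):
                findings.append((num, "not a plain hostname"))
            key = entry.lower()  # hostnames compare case-insensitively
            if key in seen:
                findings.append((num, f"duplicate of line {seen[key]}"))
            else:
                seen[key] = num
    return findings

def audit_sample(text, mode):
    """Write constructed list content to a temp file with `mode` and audit it."""
    with tempfile.NamedTemporaryFile("w", suffix=".list", delete=False) as tmp:
        tmp.write(text)
    try:
        os.chmod(tmp.name, mode)
        return audit_filelist(tmp.name)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    # Constructed sample list, not taken from any real deployment.
    sample = "web01.example.com\nWEB01.example.com\n\ndb01 \n*.example.com\n"
    for num, problem in audit_sample(sample, 0o664):
        print(f"line {num}: {problem}")
```

Findings are prompts for review rather than statements about how xm_filelist treats such lines; running the audit in the change process for the list file catches unintended entries before the agent picks them up.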