Ruby (xm_ruby)
This module provides support for processing NXLog Agent log data with methods written in the Ruby language Ruby methods can be defined in a script and then called from the Exec directive of any module that will use Ruby for log processing. See the example below. See also the im_ruby and om_ruby modules.
This module provides the following classes and methods.
- Nxlog.log_debug(msg)
-
Send the message msg to the internal logger at DEBUG log level. This method does the same as the core log_debug() procedure.
- Nxlog.log_info(msg)
-
Send the message msg to the internal logger at INFO log level. This method does the same as the core log_info() procedure.
- Nxlog.log_warning(msg)
-
Send the message msg to the internal logger at WARNING log level. This method does the same as the core log_warning() procedure.
- Nxlog.log_error(msg)
-
Send the message msg to the internal logger at ERROR log level. This method does the same as the core log_error() procedure.
- class Nxlog.LogData
-
This class represents an event.
- field_names()
-
This method returns an array with the names of all the fields currently in the event record.
- get_field(name)
-
This method returns the value of the field name in the event.
- set_field(name, value)
-
This method sets the value of field name to value.
Configuration
The xm_ruby module accepts the following directives in addition to the common module directives.
Required directives
The following directives are required for the module to start.
This mandatory directive expects a file containing valid Ruby code. Methods defined in this file can be called with the ruby_call() procedure. |
Examples
In this example logs are parsed as syslog, then the data is passed to a Ruby method which adds an incrementing $AlertCounter
field for any event with a normalized $SeverityValue of at least 4.
<Extension _syslog>
Module xm_syslog
</Extension>
<Extension ruby>
Module xm_ruby
RubyCode ./modules/extension/ruby/processlogs2.rb
</Extension>
<Input in>
Module im_file
File 'test2.log'
<Exec>
parse_syslog();
ruby->call('add_alert_counter');
</Exec>
</Input>
$counter = 0
def add_alert_counter(event)
if event.get_field('SeverityValue') >= 4
Nxlog.log_debug('Adding AlertCounter field')
$counter += 1
event.set_field('AlertCounter', $counter)
end
end