nxlog - collects, processes, converts, and forwards event logs in many different formats
NXLog can process high volumes of event logs from many different sources. Supported types of log processing include rewriting, correlating, alerting, filtering, and pattern matching. Additional features include scheduling, log file rotation, buffering, and prioritized processing. After processing, NXLog can store or forward event logs in any of many supported formats. Inputs, outputs, and processing are implemented with a modular architecture and a powerful configuration language.
While the details provided here apply to NXLog installations on Linux and other UNIX-style operating systems in particular, a few Windows-specific notes are included.
- -c conffile, --conf conffile
Specify an alternate configuration file conffile. On Windows, this option must be used with -f. To change the configuration file used by the NXLog service on Windows, modify the service parameters.
- -f, --foreground
Run in foreground, do not daemonize.
- -h, --help
- -r, --reload
Reload configuration of a running instance.
- -s, --stop
Send stop signal to a running instance.
- -v, --verify
Verify configuration file syntax.
Various signals can be used to control the NXLog process. Some corresponding Windows control codes are also available; these are shown in parentheses where applicable.
This signal causes NXLog to reload the configuration and restart the modules. On Windows, "sc stop nxlog" and "sc start nxlog" can be used instead.
- SIGUSR1 (200)
This signal generates an internal log message with information about the current state of NXLog and its configured module instances. The message will be generated with INFO log level, written to the log file (if configured with LogFile), and available via the im_internal module.
- SIGUSR2 (201)
This signal causes NXLog to switch to the DEBUG log level. This is equivalent to setting the LogLevel directive to
DEBUGbut does not require NXLog to be restarted.
NXLog will exit if it receives one of these signals. On Windows, "sc stop nxlog" can be used instead.
On Linux/UNIX, a signal can be sent with the
kill command. The following,
for example, sends the SIGUSR1 signal:
kill -SIGUSR1 $(cat /run/nxlog/nxlog.pid)
On Windows, a signal can be sent with the
sc command. The following, for
example, sends the 200 signal:
sc control nxlog 200
The main NXLog executable
This tool can be used to check NXLog Language statements. All statements are read from standard input and then validated. If a statement is invalid, the tool prints an error to standard error and exits non-zero.
The default configuration file
The NXLog modules are located in this directory, by default. See the ModuleDir directive.
The process ID (PID) of the currently running NXLog process is written to this file. See the PidFile directive.
NXLog website: https://nxlog.co
NXLog User Guide: https://docs.nxlog.co/userguide/nxlog-user-guide.html
Copyright © NXLog Ltd. 2022
The NXLog Community Edition is licensed under the NXLog Public License. The NXLog Enterprise Edition is not free and has a commercial license.