NXLog Legacy Documentation

nxlog(8)

NAME

nxlog - collects, processes, converts, and forwards event logs in many different formats.

SYNOPSIS

nxlog [-c conffile] [-f]

nxlog [-c conffile] -v

nxlog [-r | -s]

DESCRIPTION

NXLog can process high volumes of event logs from many different sources. Supported types of log processing include rewriting, correlating, alerting, filtering, and pattern matching. Additional features include scheduling, log file rotation, buffering, and prioritized processing. After processing, NXLog can store or forward event logs in any of many supported formats. Inputs, outputs, and processing are implemented with a modular architecture and a powerful configuration language.

While the details provided here apply to NXLog installations on Linux and other UNIX-style operating systems in particular, a few Windows-specific notes are included.

OPTIONS

-c conffile, --conf conffile

Specify an alternate configuration file conffile. On Windows, this option must be used with -f. To change the configuration file used by the NXLog service on Windows, modify the service parameters.

-f, --foreground

Run in foreground, do not daemonize.

-h, --help

Print help.

-r, --reload

Reload configuration of a running instance.

-s, --stop

Send stop signal to a running instance.

-v, --verify

Verify configuration file syntax.

SIGNALS

Various signals can be used to control the NXLog process. Some corresponding Windows control codes are also available; these are shown in parentheses where applicable.

SIGHUP

This signal causes NXLog to reload the configuration and restart the modules. On Windows, "sc stop nxlog" and "sc start nxlog" can be used instead.

SIGUSR1 (200)

This signal generates an internal log message with information about the current state of NXLog and its configured module instances. The message will be generated with INFO log level, written to the log file (if configured with LogFile), and available via the im_internal module.

SIGUSR2 (201)

This signal causes NXLog to switch to the DEBUG log level. This is equivalent to setting the LogLevel directive to DEBUG but does not require NXLog to be restarted.

SIGINT/SIGQUIT/SIGTERM

NXLog will exit if it receives one of these signals. On Windows, "sc stop nxlog" can be used instead.

On Linux/UNIX, a signal can be sent with the kill command. The following, for example, sends the SIGUSR1 signal:

kill -SIGUSR1 $(cat /run/nxlog/nxlog.pid)

On Windows, a signal can be sent with the sc command. The following, for example, sends the 200 signal:

sc control nxlog 200

FILES

/bin/nxlog

The main NXLog executable

/bin/nxlog-stmnt-verifier

This tool can be used to check NXLog Language statements. All statements are read from standard input and then validated. If a statement is invalid, the tool prints an error to standard error and exits non-zero.

/etc/nxlog.conf

The default configuration file

/usr/libexec/nxlog/modules/

The NXLog modules are located in this directory, by default. See the ModuleDir directive.

/var/spool/nxlog/configcache.dat

This is the position cache file where positions are saved. See the NoCache directive, in addition to CacheDir.

/run/nxlog/nxlog.pid

The process ID (PID) of the currently running NXLog process is written to this file. See the PidFile directive.

SEE ALSO

NXLog website: https://nxlog.co

NXLog User Guide: https://docs.nxlog.co

Copyright © NXLog Ltd. 2024

The NXLog Community Edition is licensed under the NXLog Public License. The NXLog Enterprise Edition is not free and has a commercial license.