NXLog search
Let's talk Start free
Let's talk Start free

NXLog Legacy Documentation

multi-line logs

What is a multi-line log?

Description

Multi-line logs contain event records spanning multiple lines. A typical example of multi-line logs is application debug logs containing stack traces. Such event records start with a timestamp, then an error message, followed by the stack trace. Multi-line logs are not uncommon, yet they need special treatment because the log collection software has to be aware of the parts that make up a single event record. Separating distinct log records is fundamental to making sense of the information gathered from multi-line logs.

In the world of NXLog

Multi-line log messages are often stored in files or forwarded over the network without encapsulation. In this case, regular line-based log parsers do not work because the newline character does not necessarily mean the beginning of a new log record.

NXLog supports multi-line logs via the dedicated xm_multiline extension module. This module simplifies parsing multi-line log records and supports defining header lines, footer lines, and fixed line counts, amongst other features.

Known as

multiline logs, multi-line logs, multi line logs, multiple line logs

Related

Parsing multi-line logs
Multiline Parser (xm_multiline)
Multiple lines

A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   R   S   T   U   V   W   X   Z

A

agent

agent-based log collection

agentless log collection

audit log

B

bandwidth

C

CEF (Common Event Format)

CSV (Comma-separated Values)

D

data source

DNS logging

E

endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

event correlation

F

failover

G

GELF (Graylog Extended Log Format)

H

High Availability (HA)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

kernel log

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

log centralization

log normalization

log parsing

M

MSSP (Managed Security Service Provider)

multi-line logs

N

NetFlow

O

open source

P

pattern

PCI-DSS (Payment Card Industry Data Security Standard)

protocol

R

Raijin database

Remote Access Server Role

S

SCCM (System Center Configuration Manager)

SEM (Security Event Management)

SIM (Security Information Management)

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

SOC (Security Operations Center)

structured logging

syslog

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)/SSL (Secure Sockets Layer)

U

UEBA (User and Entity Behavior Analytics)

UDP (User Datagram Protocol)

V

vendor-agnostic

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows Event ID

WMI (Windows Management Instrumentation)

X

XPath

Z

ZeroMQ