Configure an NXLog Agent relay

The purpose of a relay is to gather logs from multiple sources and forward them to the final destination, such as NXLog Platform. See Centralized log collection for more information.

Below, we provide examples of configuring NXLog Agent as a relay and collecting logs from another NXLog Agent instance and other log sources.

Transfer logs between NXLog Agent instances

The NXLog Transport modules efficiently transport compressed logs between NXLog Agent instances. These modules preserve all the event fields, so you don’t need to parse log records again on the relay.

Example 1. Transferring logs between NXLog Agent instances

First, configure an NXLog Agent relay to receive logs using the im_batchcompress input module.

nxlog.conf
<Input nxlog_transport>
    Module         im_batchcompress
    ListenAddr     0.0.0.0:2514
    CAFile         /opt/nxlog/cert/rootCA.pem  (1)
    CertFile       /opt/nxlog/cert/agent-cert.pem  (2)
    CertKeyFile    /opt/nxlog/cert/agent-key.pem  (3)
</Input>
1 The CAFile directive specifies the path to the CA certificate to verify the remote agent’s certificate.
2 The CertFile directive specifies the path to the relay server’s certificate.
3 The CertKeyFile directive specifies the public key that was used to sign the relay server’s certificate.

Once your relay is up and running, configure your other NXLog Agent instances to send logs to it with the om_batchcompress output module.

nxlog.conf
<Output agent_relay>
    Module         om_batchcompress
    Host           192.168.1.101:2514
    UseSSL         TRUE
    CAFile         /opt/nxlog/cert/rootCA.pem  (1)
    CertFile       /opt/nxlog/cert/agent-cert.pem  (2)
    CertKeyFile    /opt/nxlog/cert/agent-key.pem  (3)
</Output>
1 The CAFile directive specifies the path to the CA certificate to verify the remote agent’s certificate.
2 The CertFile directive specifies the path to the local server’s certificate.
3 The CertKeyFile directive specifies the public key that was used to sign the local server’s certificate.

Receive logs from multiple sources

You can configure an NXLog Agent relay to collect logs from different sources, e.g., a network device that can only send logs over UDP and a software application that sends logs over TCP.

Example 2. Collecting logs over TCP and UDP

This configuration collects syslog messages over TCP and UDP. Both inputs parse log records with the parse_syslog() procedure of xm_syslog.

nxlog.conf
<Extension syslog>
    Module        xm_syslog
</Extension>

<Input tcp>
    Module        im_tcp
    ListenAddr    0.0.0.0:1514
    Exec          parse_syslog();
</Input>

<Input udp>
    Module        im_udp
    ListenAddr    0.0.0.0:514
    Exec          parse_syslog();
</Input>