NXLog Docs

Ruby (xm_ruby)

This module provides support for processing NXLog log data with methods written in the Ruby language. Ruby methods can be defined in a script and then called from the Exec directive of any module that will use Ruby for log processing. See the example below. See also the im_ruby and om_ruby modules.

To examine the supported platforms, see the list of installer packages in the Available Modules chapter.

This module provides the following classes and methods.

Nxlog.log_debug(msg)

Send the message msg to the internal logger at DEBUG log level. This method does the same as the core log_debug() procedure.

Nxlog.log_info(msg)

Send the message msg to the internal logger at INFO log level. This method does the same as the core log_info() procedure.

Nxlog.log_warning(msg)

Send the message msg to the internal logger at WARNING log level. This method does the same as the core log_warning() procedure.

Nxlog.log_error(msg)

Send the message msg to the internal logger at ERROR log level. This method does the same as the core log_error() procedure.

class Nxlog.LogData

This class represents an event.

field_names()

This method returns an array with the names of all the fields currently in the event record.

get_field(name)

This method returns the value of the field name in the event.

set_field(name, value)

This method sets the value of field name to value.

Configuration

The xm_ruby module accepts the following directives in addition to the common module directives.

Required directives

The following directives are required for the module to start.

RubyCode

This mandatory directive expects a file containing valid Ruby code. Methods defined in this file can be called with the ruby_call() procedure.

Procedures

The following procedures are exported by xm_ruby.

call(string subroutine);

Calls the Ruby method provided in the first argument.

ruby_call(string subroutine);

Calls the Ruby method provided in the first argument.

Examples

Example 1. Processing logs with Ruby

In this example logs are parsed as syslog, then the data is passed to a Ruby method which adds an incrementing $AlertCounter field for any event with a normalized $SeverityValue of at least 4.

nxlog.conf
<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension ruby>
    Module      xm_ruby
    RubyCode    ./modules/extension/ruby/processlogs2.rb
</Extension>

<Input in>
    Module      im_file
    File        'test2.log'
    <Exec>
        parse_syslog();
        ruby->call('add_alert_counter');
    </Exec>
</Input>

processlogs2.rb
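# Global counter, incremented across calls to add_alert_counter
$counter = 0

# Called from the Exec block with ruby->call('add_alert_counter');
# the current event is passed in as an Nxlog.LogData object.
def add_alert_counter(event)
  # SeverityValue is the normalized severity set by parse_syslog()
  if event.get_field('SeverityValue') >= 4
    Nxlog.log_debug('Adding AlertCounter field')
    $counter += 1
    event.set_field('AlertCounter', $counter)
  end
end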
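
The following is an added example, not part of the NXLog documentation. It uses field_names(), get_field() and set_field() together to mask credential-like key=value pairs in every string field before the event is forwarded, and would be called the same way as above with ruby->call('mask_secrets');. The method name, the SECRET_PAIR pattern, the MaskedFields field and the stand-in Nxlog module (defined only when the script runs outside NXLog) are assumptions made for illustration, as is the expectation that string fields arrive as Ruby strings.

```ruby
# Stand-in for the Nxlog module so the method can be exercised outside NXLog.
# Constructed for this example; inside NXLog, xm_ruby provides the real one.
unless defined?(Nxlog)
  module Nxlog
    def self.log_debug(msg); end

    class LogData
      def initialize(fields); @fields = fields; end
      def field_names; @fields.keys; end
      def get_field(name); @fields[name]; end
      def set_field(name, value); @fields[name] = value; end
    end
  end
end

# Hypothetical pattern: key=value pairs whose key suggests a credential.
SECRET_PAIR = /\b(password|passwd|token|secret)=\S+/i

# Walks every field of the event and masks secrets found in string values.
def mask_secrets(event)
  masked = 0
  event.field_names.each do |name|
    value = event.get_field(name)
    next unless value.is_a?(String)      # leave integers and other types alone
    clean = value.gsub(SECRET_PAIR, '\1=[MASKED]')
    next if clean == value               # nothing to mask in this field
    event.set_field(name, clean)
    masked += 1
  end
  if masked > 0
    # Record how many fields were altered so downstream consumers can tell.
    event.set_field('MaskedFields', masked)
    Nxlog.log_debug("Masked secrets in #{masked} field(s)")
  end
  masked
end

# Constructed sample event, used only when the script is run directly.
if __FILE__ == $PROGRAM_NAME
  sample = Nxlog::LogData.new({ 'Message' => 'login user=bob password=hunter2 ok',
                                'SeverityValue' => 4 })
  mask_secrets(sample)
  puts sample.get_field('Message')
end
```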