This module provides support for processing NXLog log data with methods written in the Ruby language. Ruby methods can be defined in a script and then called from the Exec directive of any module that will use Ruby for log processing. See the example below. See also the im_ruby and om_ruby modules.
The Ruby modules are compatible with Ruby 2 versions only. More recent versions are unlikely to work.
To examine the supported platforms, see the list of installer packages in the Available Modules chapter.
The Nxlog module provides the following classes and methods.
Send the message msg to the internal logger at DEBUG log level. This method does the same as the core log_debug() procedure.
Send the message msg to the internal logger at INFO log level. This method does the same as the core log_info() procedure.
Send the message msg to the internal logger at WARNING log level. This method does the same as the core log_warning() procedure.
Send the message msg to the internal logger at ERROR log level. This method does the same as the core log_error() procedure.
- class Nxlog.LogData
This class represents an event.
This method returns an array with the names of all the fields currently in the event record.
This method returns the value of the field name in the event.
- set_field(name, value)
This method sets the value of field name to value.
In this example, logs are parsed as syslog, then the data is passed to a Ruby method which adds an incrementing $AlertCounter field for any event with a normalized $SeverityValue of at least 4.
<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension ruby>
    Module      xm_ruby
    RubyCode    ./modules/extension/ruby/processlogs2.rb
</Extension>

<Input in>
    Module      im_file
    File        'test2.log'
    <Exec>
        parse_syslog();
        ruby->call('add_alert_counter');
    </Exec>
</Input>
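# Global counter shared across all events handled by this script
$counter = 0

# Called from the Exec block with ruby->call('add_alert_counter')
def add_alert_counter(event)
  if event.get_field('SeverityValue') >= 4
    Nxlog.log_debug('Adding AlertCounter field')
    $counter += 1
    event.set_field('AlertCounter', $counter)
  end
end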
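
The LogData methods described above can also be used to scrub credentials from events before they are forwarded or stored. The following is an added example, not code from the NXLog documentation: `redact_secrets`, `SECRET_PAIR` and the `RedactedFields` field are hypothetical names, `field_names` is assumed to be the name of the field-listing method described above, and the stand-in `Nxlog` module exists only so the method can be run outside NXLog.

```ruby
# Stand-in for the Nxlog module (assumption, for running outside NXLog only);
# inside NXLog the real module is supplied by xm_ruby and this is skipped.
unless defined?(Nxlog)
  module Nxlog
    def self.log_debug(msg); end

    # Hash-backed stand-in for Nxlog.LogData with the three documented methods.
    class LogData
      def initialize(fields); @fields = fields; end
      def field_names; @fields.keys; end
      def get_field(name); @fields[name]; end
      def set_field(name, value); @fields[name] = value; end
    end
  end
end

# key=value pairs whose values should not reach log storage (hypothetical list).
SECRET_PAIR = /(password|passwd|token|secret)=\S+/i

# Call from an Exec block with: ruby->call('redact_secrets');
# Returns the number of fields that were rewritten.
def redact_secrets(event)
  redacted = 0
  event.field_names.each do |name|
    value = event.get_field(name)
    next unless value.is_a?(String) # leave integers, nil, etc. untouched

    cleaned = value.gsub(SECRET_PAIR) { "#{Regexp.last_match(1)}=[REDACTED]" }
    next if cleaned == value

    event.set_field(name, cleaned)
    redacted += 1
  end
  return redacted if redacted.zero?

  Nxlog.log_debug("Redacted secrets in #{redacted} field(s)")
  event.set_field('RedactedFields', redacted) # marks the event as modified
  redacted
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample event, not real log data.
  sample = Nxlog::LogData.new('Message' => 'auth failed user=bob password=hunter2',
                              'SeverityValue' => 4)
  redact_secrets(sample)
  puts sample.get_field('Message')
end
```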