Extension Modules

Extension modules do not process log messages directly, and for this reason their instances cannot be part of a route. These modules enhance the features of NXLog in various ways, such as exporting new functions and procedures or registering additional I/O reader and writer functions (to be used with modules supporting the InputType and OutputType directives). There are many ways to hook an extension module into the NXLog engine, as the following modules illustrate.

  • Remote Management (xm_admin) — Provides secure remote administration capabilities

  • AIX Auditing (xm_aixaudit) — Parses events in the AIX Audit format

  • Apple System Logs (xm_asl) — Registers an InputType for parsing ASL files

  • Basic Security Module Auditing (xm_bsm) — Registers an InputType for parsing BSM Auditing files

  • Common Event Format (xm_cef) — Generates and parses data in the Common Event Format

  • Character Set Conversion (xm_charconv) — Provides tools for converting strings between character sets

  • Delimiter-Separated Values (xm_csv) — Parses and generates comma- and delimiter-separated data

  • Encryption (xm_crypto) — Provides data converters for encryption and decryption of log data

  • External Programs (xm_exec) — Supports execution of a program or script during processing

  • File Lists (xm_filelist) — Provides file-based blacklisting and whitelisting functionality

  • File Operations (xm_fileop) — Provides tools for manipulating files and implementing retention policies

  • GELF (xm_gelf) — Registers reader and writer functions for processing logs in the Graylog Extended Log Format

  • Go (xm_go) — Provides a Go API and supports calling a Go function

  • Grok (xm_grok) — Supports the use of Grok patterns for parsing events

  • Java (xm_java) — Provides a Java API and supports calling a Java subroutine while processing

  • JSON (xm_json) — Parses and generates log data in JSON format

  • Key-Value Pairs (xm_kvp) — Parses and generates data formatted as key-value pairs

  • LEEF (xm_leef) — Parses and generates data in the Log Event Extended Format

  • Microsoft DNS Server (xm_msdns) — Parses debug logs generated by Microsoft DNS Server

  • Multiline Parser (xm_multiline) — Parses log messages that span multiple lines

  • NetFlow (xm_netflow) — Registers an InputType for parsing NetFlow data

  • Microsoft Network Policy Server (xm_nps) — Parses log data in the Microsoft NPS Database Format

  • Pattern Matcher (xm_pattern) — Performs efficient pattern matching with an XML pattern database file

  • Perl (xm_perl) — Provides a Perl API and supports calling a Perl subroutine during processing

  • Python (xm_python) — Provides a Python API and supports calling a Python function during processing

  • Resolver (xm_resolver) — Provides functions for resolving IP addresses, user IDs, group IDs, and their names

  • Rewrite (xm_rewrite) — Implements event field whitelisting and blacklisting; renames fields

  • Ruby (xm_ruby) — Provides a Ruby API and supports calling a Ruby method during processing

  • SAP (xm_sap) — Registers an InputType for parsing SAP audit data

  • SNMP Traps (xm_snmp) — Registers an InputType for parsing SNMP trap messages

  • Remote Management (xm_soapadmin) — Provides secure remote administration capabilities

  • Syslog (xm_syslog) — Parses and generates log data in the various Syslog formats

  • W3C (xm_w3c) — Parses log data in the W3C Extended Log File Format and similar formats

  • WTMP (xm_wtmp) — Registers an InputType for parsing binary wtmp files

  • XML (xm_xml) — Parses and generates log data in XML format

  • Compression (xm_zlib) — Provides compression and decompression of log data