NXLog Docs

Ruby (xm_ruby)

This module provides support for processing NXLog log data with methods written in the Ruby language. Ruby methods can be defined in a script and then called from the Exec directive of any module that will use Ruby for log processing. See the example below. See also the im_ruby and om_ruby modules.

The Ruby modules are compatible with Ruby 2 versions only. More recent versions are unlikely to work.
To examine the supported platforms, see the list of installer packages in the Available Modules chapter.

The Nxlog module provides the following classes and methods.

Nxlog.log_debug(msg)

Send the message msg to the internal logger at DEBUG log level. This method does the same as the core log_debug() procedure.

Nxlog.log_info(msg)

Send the message msg to the internal logger at INFO log level. This method does the same as the core log_info() procedure.

Nxlog.log_warning(msg)

Send the message msg to the internal logger at WARNING log level. This method does the same as the core log_warning() procedure.

Nxlog.log_error(msg)

Send the message msg to the internal logger at ERROR log level. This method does the same as the core log_error() procedure.

class Nxlog.LogData

This class represents an event.

field_names()

This method returns an array with the names of all the fields currently in the event record.

get_field(name)

This method returns the value of the field name in the event.

set_field(name, value)

This method sets the value of field name to value.

Configuration

The xm_ruby module accepts the following directives in addition to the common module directives.

RubyCode

This mandatory directive expects a file containing valid Ruby code. Methods defined in this file can be called with the ruby_call() procedure.

Procedures

The following procedures are exported by xm_ruby.

call(string subroutine);

Calls the Ruby method provided in the first argument.

ruby_call(string subroutine);

Calls the Ruby method provided in the first argument.

Examples

Example 1. Processing logs with Ruby

In this example logs are parsed as syslog, then the data is passed to a Ruby method which adds an incrementing $AlertCounter field for any event with a normalized $SeverityValue of at least 4.

nxlog.conf
<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension ruby>
    Module      xm_ruby
    RubyCode    ./modules/extension/ruby/processlogs2.rb
</Extension>

<Input in>
    Module      im_file
    File        'test2.log'
    <Exec>
        parse_syslog();
        ruby->call('add_alert_counter');
    </Exec>
</Input>
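
processlogs2.rb
# Global counter shared by every call made from this NXLog instance
$counter = 0

# Called from the Exec block; event is the current log record
def add_alert_counter(event)
  # SeverityValue is the normalized severity set by parse_syslog()
  if event.get_field('SeverityValue') >= 4
    Nxlog.log_debug('Adding AlertCounter field')
    $counter += 1
    event.set_field('AlertCounter', $counter)
  end
end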
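
A further illustration of the LogData methods field_names(), get_field() and set_field(), added here and not part of the NXLog documentation: a method that masks credential-like key=value pairs in every string field before the event is forwarded. The FakeEvent class, the Nxlog stub, the SECRET_RE pattern and the RedactedCount field are assumptions made so the script also runs outside NXLog.

```ruby
# Offline stand-in (constructed): inside NXLog the real Nxlog module is
# supplied by xm_ruby, so this stub is skipped there.
unless defined?(Nxlog)
  module Nxlog
    def self.log_info(msg)
      warn "INFO #{msg}"
    end
  end
end

# Constructed stand-in that mimics the three LogData methods listed above.
class FakeEvent
  def initialize(fields)
    @fields = fields
  end

  def field_names
    @fields.keys
  end

  def get_field(name)
    @fields[name]
  end

  def set_field(name, value)
    @fields[name] = value
  end
end

# Hypothetical pattern: key=value pairs whose key looks like a credential.
# The lookahead skips values that are already masked, so reruns are no-ops.
SECRET_RE = /\b(password|passwd|token|secret|api_key)=(?!\[REDACTED\])([^\s&;]+)/i

# Mask credential values in every string field; returns the number masked.
def redact_secrets(event)
  masked = 0
  event.field_names.each do |name|
    value = event.get_field(name)
    next unless value.is_a?(String) # integers, nil, etc. are left alone
    clean = value.gsub(SECRET_RE) { masked += 1; "#{$1}=[REDACTED]" }
    event.set_field(name, clean) unless clean == value
  end
  if masked > 0
    event.set_field('RedactedCount', masked) # assumed field name
    Nxlog.log_info("Masked #{masked} credential value(s)")
  end
  masked
end
```

In nxlog.conf the method would be invoked the same way as in Example 1, with ruby->call('redact_secrets'); placed after the parsing step.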