nxlog(8)
NAME
nxlog - collects, processes, converts, and forwards event logs in many different formats
DESCRIPTION
NXLog can process high volumes of event logs from many different sources. Supported types of log processing include rewriting, correlating, alerting, filtering, and pattern matching. Additional features include scheduling, log file rotation, buffering, and prioritized processing. After processing, NXLog can store or forward event logs in many supported formats. Inputs, outputs, and processing are implemented with a modular architecture and a powerful configuration language.
While the details provided here apply to NXLog installations on Linux and other UNIX-style operating systems in particular, a few Windows-specific notes are included.
OPTIONS
- -c conffile, --conf conffile
-
Specify an alternate configuration file conffile. To change the configuration file used by the NXLog service on Windows, modify the service parameters.
- -f, --foreground
-
Run in foreground, do not daemonize.
- -q, --quiet
-
Suppress output to STDOUT/STDERR.
- -h, --help
-
Print help.
- -r, --reload
-
Reload configuration of a running instance.
- -s, --stop
-
Send stop signal to a running instance.
- -v, --verify
-
Verify configuration file syntax.
SIGNALS
Various signals can be used to control the NXLog process. Some corresponding Windows control codes are also available; these are shown in parentheses where applicable.
- SIGHUP
-
This signal causes NXLog to reload the configuration and restart the modules. On Windows, "sc stop nxlog" and "sc start nxlog" can be used instead.
- SIGUSR1 (200)
-
This signal generates an internal log message with information about the current state of NXLog and its configured module instances. The message will be generated with INFO log level, written to the log file (if configured with LogFile), and available via the im_internal module.
- SIGUSR2 (201)
-
This signal causes NXLog to switch to the DEBUG log level. This is equivalent to setting the LogLevel directive to
DEBUG
but does not require NXLog to be restarted. - SIGINT/SIGQUIT/SIGTERM
-
NXLog will exit if it receives one of these signals. On Windows, "sc stop nxlog" can be used instead.
On Linux/UNIX, a signal can be sent with the kill
command. The following,
for example, sends the SIGUSR1 signal:
kill -SIGUSR1 $(cat /opt/nxlog/var/run/nxlog/nxlog.pid)
On Windows, a signal can be sent with the sc
command. The following, for
example, sends the 200 signal:
sc control nxlog 200
FILES
- /opt/nxlog/bin/nxlog
-
The main NXLog executable.
- /opt/nxlog/bin/nxlog-stmnt-verifier
-
This tool can be used to check NXLog Language statements. All statements are read from standard input and then validated. If a statement is invalid, the tool prints an error to standard error and exits non-zero.
- /opt/nxlog/etc/nxlog.conf
-
The default configuration file.
- /opt/nxlog/lib/nxlog/modules
-
The NXLog modules are located in this directory by default. See the ModuleDir directive.
- /opt/nxlog/spool/nxlog
-
If PersistLogqueue is set to TRUE, module queues are stored in this directory. See also LogqueueDir and SyncLogqueue.
- /opt/nxlog/spool/nxlog/configcache.dat
-
This is the position cache file where positions are saved. See the NoCache directive, in addition to CacheDir, CacheFlushInterval, and CacheSync.
- /opt/nxlog/var/run/nxlog/nxlog.pid
-
The process ID (PID) of the currently running NXLog process is written to this file. See the PidFile directive.
ENVIRONMENT
To access environment variables in the NXLog configuration, use the envvar directive.
SEE ALSO
NXLog website: https://nxlog.co
NXLog User Guide: https://nxlog.co/documentation/nxlog-user-guide