Processing logs
This chapter deals with various tasks that might be required after a log message is received by NXLog.
- Parsing various log formats — Reading fields from several common log formats
- Alerting — Generating alerts when specific conditions are met
- Using buffers — Using disk- and memory-based buffering in NXLog
- Character set conversion — Converting between character sets during processing
- Detecting an inactive agent or log source — Generating alerts when a remote agent or log source stops sending logs
- Event correlation — Using a dedicated module for detecting conditions based on a sliding window
- Extracting data — Implementing parsing using module procedures or regular expressions
- Filtering logs — Discarding events based on specified conditions
- Format conversion — Configuring conversion between input and output formats
- Log rotation and retention — Setting up policies for automatically retaining and discarding past log data
- Log classification — Matching and tagging events
- Log prioritization — Processing logs based on priority
- Parsing multi-line logs — Joining and parsing messages that span multiple lines
- Rewriting and modifying logs — Making changes to log messages during processing
- Log normalization — Methods to normalize log data and common NXLog fields
- Data masking — Masking sensitive data in log records
- Timestamps — Working with timestamp strings and datetime values