0

我有一个 windows nxlog 客户端和 ubuntu nxlog 服务器。

但是我的 windows nxlog 客户端日志没有在 nxlog 服务器上填充。

通过 tshark 检查线路时,我确实看到我的客户端正在 nxlog 服务器上发送日志,但是它们没有被填充到文件中。

nxlog 服务器配置文件的相关部分如下所示。

## This is a sample configuration file. See the nxlog reference manual about   the
## configuration options. It should be installed locally under
## /usr/share/doc/nxlog-ce/ and is also available online at
## http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

########################################
# Global directives                    #
########################################
User nxlog
Group nxlog

LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

########################################
# Modules                              #
########################################
<Extension _syslog>
  Module      xm_syslog
</Extension>


<Extension _exec>
  Module      xm_exec
</Extension>

<Extension fileop>
  Module      xm_fileop
</Extension>


<Extension multiline>
  Module xm_multiline
  HeaderLine /^/
  EndLine ""
</Extension>

<Input in1>
   Module      im_udp
   Host        0.0.0.0
   Port        514
   Exec        parse_syslog();
 </Input>

<Input in2>
  Module      im_tcp
  Host        0.0.0.0
  Port        514
</Input>


<Processor norepeat>
  Module pm_norepeat
  CheckFields Hostname, SourceName, Message
</Processor>

<Output fileout1>
  Module      om_file
  #Exec        if $Message =~ /Deny/ drop();
   Exec        if $Message =~ /Teardown/ drop();
   Exec        if $Message =~ /(TRACE|DEBUG)/ drop();
   Exec        if $Message =~  /::ffff:xxxxx/ drop();
   Exec        if $Message =~  /ControlPortal.cgi/ drop();
   File        "/var/log/nxlog/" + $Hostname + ".log"
   Exec        $filename = "/var/log/nxlog/" + $Hostname + ".log";
   Exec        if (file_size($filename) > 1M) file_cycle($filename,2);
</Output>

当我从 tshark 检查服务器上的消息时,我确实从源 .ie 172.16.130.67 获得输入

apturing on 'eth1'
  1   0.000000 172.16.130.67 -> 172.16.128.6 Syslog 319 USER.NOTICE: 1 2016-12-23T11:14:16.179155+00:00xxx-PROD1 ABC - - [NXLOG@14506 EventReceivedTime="2016-12-23 11:14:16" SourceModuleName="ems" SourceModuleType="im_file"] 2016-12-23 11:14:15,719 DEBUG http-apr-80-exec-4 com.sfnt.ems.web.DOSPreventionFilter - Reached DOSPreventionFilter
1   2   0.000271 172.16.130.67 -> 172.16.128.6 Syslog 324 USER.NOTICE: 1 2016-12-23T11:14:16.179155+00:00 xxx-PROD1 abc - - [NXLOG@14506 EventReceivedTime="2016-12-23 11:14:16" SourceModuleName="ems" SourceModuleType="im_file"] 2016-12-23 11:14:15,720 INFO http-apr-80-exec-4 com.sfnt.ems.web.AuthenticationFilter - BY PASSING URI : /xxx/login.html

但是日志文件没有在 /var/log/nxlog/ 中创建

我已经重新启动了 rsyslog 和 nxlog 服务。

这里还有什么可以解决的。

4

0 回答 0