设备:win10专业版
配置文件内容:
This is a sample configuration file. See the nxlog reference manual about the
configuration options. It should be installed locally and is also available
online at /docs/
Please set the ROOT to the folder your nxlog was installed into,
otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT D:\Program Files (x86)\nxlog 本程序安装路径
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
Module xm_syslog Module xm_charconv AutodetectCharsets gbk, utf-8, euc-jp, utf-16, utf-32, iso8859-2 Module xm_json
#define LOGFILE C:\Program Files (x86)\nxlog\data\nxlog.log
#
#Module xm_fileop
Check the size of our log file every hour and rotate if it is larger than 1Mb
#
#Every 1 hour
#Exec if (file_size(’%LOGFILE%’) >= 1M) file_cycle(’%LOGFILE%’, 2);
#
Rotate our log file every week on sunday at midnight
#
#When @weekly
#Exec file_cycle(’%LOGFILE%’, 2);
#
#
Module im_msvistalog ReadFromLast TRUE * * * $raw_event = "0|EventlogType=" +$Channel + "|DetectTime=" +$EventTime + "|EventSource=" +$SourceName + "|EventID=" +$EventID + "|EventType=" +$EventType + "|EventCategory="+$Task + "|User=" +$AccountName+ "|ComputerName=" +$Hostname + "|Description=" +$Message; # Exec log_info("raw event is: " + $raw_event); Module im_file File 'D:\\Program Files (x86)TEXT.LOG Exec convert_fields("AUTO", "utf-8"); SavePos TRUE #ReadFromLast TRUE #Exec $raw_event = 'DbAppSOCAgent get log from "abc" ' + $raw_event; #Exec log_info("raw event 2 is: " + $raw_event);
#
#Module im_file
#File ‘C:\Program Files\Microsoft SQL Server\110\Setup Bootstrap\Log\1217_130836\*.log’
#SavePos TRUE
#ReadFromLast TRUE
#Exec $raw_event = 'DbAppSOCAgent get log from “sqlserver” ’ + $raw_event;
#Exec log_info("raw event 3 is: " + $raw_event);
#
Module om_udp Host 192.168.1.142 日志平台服务器地址 Port 514 # Path eventlog,in2,in3 => out Path eventlog,in2 => out
