NXLOG is a universal log collector and forwarder supporting different platforms (BSD, Unix, Linux, Windows, Android), log sources and protocols (Syslog, Windows EventLog, Graylog2 GELF, XML, JSON, CSV and more).
Version 2.4.1054 has been released. This version now compiles and works on IBM AIX and should be fine on Solaris as well. This release contains numerous stabilization and bug fixes; consult the ChangeLog file for the detailed list of changes.
Version 2.3.1027 has been released today. This version brings a new processor module named pm_evcorr which provides event correlation functionality in addition to the already available nxlog language features (variables and statistical counters). This module was greatly inspired by the Perl-based sec.pl simple event correlation tool.
In addition to the above the following fixes and enhancements are available in this release:
This release contains several smaller bug fixes and enhancements. The most notable feature addition is the SockBufSize option for the udp input module. Also added a section to the reference manual about parsing syslog from Cisco devices.
See the ChangeLog included in the sources for the detailed changes.
Version 2.1.956 has been released today. It comes with a shiny new om_http module which allows sending logs to HTTP services such as loggly, elasticsearch etc.
The pm_buffer module has been rewritten to use chunked file storage. This release contains several other fixes and improvements; see the included changelog for more information.
Version 2.0.926 of nxlog community edition has been released.
The most notable feature addition in this release is the xm_perl module. While the nxlog config language is already a powerful framework, it is not a full-featured programming language. The xm_perl module makes it possible to execute Perl code and process event data using the Perl language via a built-in Perl interpreter. Now you can use thousands of available Perl modules from CPAN or some other existing Perl code directly from nxlog without the need to pipe data to external Perl scripts.
There have been several other bug fixes and improvements; see the Changelog in the package.
Version 1.4.803 has been released today.
The im_file module has been enhanced so that it deals better with thousands of files and consumes less CPU. It will automatically retry files which gave a read error earlier instead of stopping completely. The im_msvistalog module now pulls all application logs by default in addition to the system logs. There were several other enhancements and bug fixes; the changelog is available in the source tarball.
Version 1.4.764 has been released.
The size(), replace() and substr() functions are now available for string manipulation. The buffer_size() and buffer_count() functions were also added to the pm_buffer module. This allows conditional buffering; see the Explicit drop section in the reference manual and this mailing list post about how this can be used.
Some other issues and bugs were fixed; details are in the ChangeLog.
Version 1.4.729 has been released.
Nxlog could already handle multi-line messages using module variables. This release adds a new extension module (xm_multiline) which makes it easier to process log messages spanning more than one line. It can handle Java exception traces, DICOM logs and other multi-line log messages with a much simpler configuration.
nxlog v1.4.712 has been released.
The most notable addition in this release is a new extension module, xm_fileop, which adds support for file operations. This allows more sophisticated log rotation, which can also be used for nxlog's own logs.
See the full ChangeLog in the sources for the list of all enhancements and fixes included in this release.
I've added GELF output support to nxlog in version 1.4.624.
Now with this enhancement it is possible to collect logs from several platforms and sources and to forward them to graylog2 in GELF format so that the structured data is preserved and is available for search and analytics. The most notable source is probably Windows EventLog (from XP to W7) as you were requesting this, but I should note that there is a lot more that you can do with it.
See the docs for the details and usage.
Here is an example of a Windows EventLog message in graylog2.
XML and JSON are now supported as of version 1.4.615. nxlog can parse and generate both of these formats with the addition of two new extension modules: xm_json and xm_xml.
nxlog is the first open source logging tool to support both of these formats for parsing and generation. This paves the way for structured logging over standard formats. Now it is possible to convert logs between even more formats with the addition of these two.
The documentation has been greatly enhanced. Some possible memory leaks and race conditions were fixed. The code can now be compiled with older APR 1.2. Group memberships are honored on Unix/Linux, and a regression in the im_file module has been fixed when using wildcards.
The code can now be compiled for Android. SNARE Syslog format support has been added for output. The im_mseventlog module can now produce output in UTF-8 and its error handling was enhanced to be more fault tolerant against the EventLog subsystem's failures. The im_mseventlog and im_msvistalog modules now set the AccountType and Category fields. A ReadFromLast configuration directive was added for the im_mseventlog and im_file modules.
This release fixes a database reconnection issue in om_dbi which was affecting PostgreSQL. Syslog conversion now strips newlines from the message. A new module, im_msvistalog, was added to support reading all messages from Windows EventLog on Windows 2008, Vista, and later.
We are happy to announce that we have released NXLOG under an open source license (GPL/LGPL) today. This includes thousands of lines of source code and several years of development work.
Source code and binaries are available from the downloads section.