NXLOG is a universal log collector and forwarder supporting different platforms (BSD, Unix, Linux, Windows, Android), log sources and protocols (Syslog, Windows EventLog, Graylog2 GELF, XML, JSON, CSV and more).

Latest news
  • Now works on AIX

    Version 2.4.1054 has been released. This version now compiles and works on IBM AIX and should be fine on Solaris as well. This release contains numerous stabilization and bug fixes, consult the ChangeLog file for the detailed list of changes.

  • Advanced log correlation

    Version 2.3.1027 has been released today. This version brings a new processor module named pm_evcorr which provides event correlation functionality in addition to the already available nxlog language features (variables and statistical counters). This module was greatly inspired by the Perl-based sec.pl simple event correlation tool.

    In addition to the above, the following fixes and enhancements are available in this release:

    • A memory leak has been fixed in the expression evaluator when comparing an undef value against a string.
    • pm_pattern's REGEXP match now works with integer fields.
    • IETFTimestampInGMT config directive added to xm_syslog. Timestamps are now emitted in local time in IETF syslog.
    • Fixed microsecond formatting in IETF syslog (credits go to Eric Wetzel).
  • 2.2.1017 has been released

    This release contains several smaller bug fixes and enhancements. The most notable feature addition is the SockBufSize option for the udp input module. A section about parsing syslog from Cisco devices has also been added to the reference manual.
    See the ChangeLog included in the sources for the detailed changes.

  • Sending logs over HTTP(s)

    Version 2.1.956 has been released today. It comes with a shiny new om_http module which allows sending logs to HTTP services such as Loggly, Elasticsearch, etc.
    The pm_buffer module has been rewritten to use chunked file storage. This release contains several other fixes and improvements, see the included changelog for more information.

  • Use embedded perl to create complex log processing rules

    Version 2.0.926 of nxlog community edition has been released.
    The most notable feature addition in this release is the xm_perl module. While the nxlog config language is already a powerful framework, it is not a full-featured programming language. The xm_perl module makes it possible to execute perl code and process event data using the perl language via a built-in perl interpreter. Now you can use thousands of available perl modules from CPAN or some other existing perl code directly from nxlog without the need to pipe data to external perl scripts.
    There have been several other bug fixes and improvements, see the Changelog in the package.

  • Now scaling better with thousands of files

    Version 1.4.803 has been released today.
    The im_file module has been enhanced so that it deals better with thousands of files and consumes less CPU. It will automatically retry files which gave a read error earlier instead of stopping completely. The im_msvistalog module now pulls all application logs by default in addition to the system logs. There were several other enhancements and bug fixes, the changelog is available in the source tarball.

  • Conditional buffering in 1.4.764

    Version 1.4.764 has been released.
    size(), replace() and substr() functions are now available for string manipulation. Also added buffer_size() and buffer_count() functions to the pm_buffer module. This allows conditional buffering, see the Explicit drop section in the reference manual and this mailing list post about how this can be used.
    Some other issues and bugs were fixed, details are in the ChangeLog.

  • Support for multi-line messages

    Version 1.4.729 has been released.
    Nxlog could already handle multi-line messages using module variables. This release adds a new extension module (xm_multiline) which makes it easier to process log messages spanning more than one line. It can handle Java exception traces, DICOM logs and other multi-line log messages with a much simpler configuration.

  • More log rotation

    nxlog v1.4.712 has been released.
    The most notable addition in this release is a new extension module, xm_fileop, which adds support for file operations. This allows more sophisticated log rotation, which can also be used for nxlog's own logs.
    See the full ChangeLog in the sources for the list of all enhancements and fixes included in this release.

  • Version 1.4.686 is available

    This release adds various stabilization fixes, some new module functions (including hostname() and file_name()) in im_file, and a working strptime() on Windows.

  • Graylog2 GELF support added

    I've added GELF output support to nxlog in version 1.4.624.
    Now with this enhancement it is possible to collect logs from several platforms and sources and to forward them to graylog2 in GELF format so that the structured data is preserved and is available for search and analytics. The most notable source is probably Windows EventLog (from XP to W7) as you were requesting this, but I should note that there is a lot more that you can do with it.
    See the docs for the details and usage.

    Here is an example of a Windows EventLog message in graylog2.

  • The first to support both XML and JSON

    XML and JSON are now supported as of version 1.4.615. nxlog can parse and generate both of these formats with the addition of two new extension modules: xm_json and xm_xml.
    nxlog is the first open source logging tool to support both of these formats for parsing and generation. This paves the way for structured logging over standard formats. Now it is possible to convert logs between even more formats with the addition of these two.

  • nxlog v1.4.607 released

    The documentation has been greatly enhanced. Some possible memory leaks and race conditions were fixed. The code can now be compiled with older APR 1.2. Group memberships are honored on Unix/Linux, and a regression in the im_file module has been fixed when using wildcards.

  • nxlog v1.4.571 released

    The code can now be compiled for Android. SNARE Syslog format support has been added for output. The im_mseventlog module can now produce output in UTF-8 and its error handling was enhanced to be more fault tolerant against the EventLog subsystem's failures. The im_mseventlog and im_msvistalog modules now set the AccountType and Category fields. A ReadFromLast configuration directive was added for the im_mseventlog and im_file modules.

  • nxlog v1.4.539 released

    The newer IETF syslog standard (RFC 5424, 5425, 5426) is now fully supported. The I/O layer has been rewritten, which yields a 2-3x performance boost in some situations.

  • nxlog v1.2.494 released

    This release fixes a database reconnection issue in om_dbi which was affecting PostgreSQL. Syslog conversion now strips newlines from the message. A new module, im_msvistalog, was added to support reading all messages from Windows EventLog on Windows 2008, Vista, and later.

  • nxlog v1.2.465 released

    This release fixes the service start in the Windows version when the executable was invoked directly, and adds a README file which is displayed at the end of the installation.

  • nxlog v1.2.461 released

    This release fixes the exec_async() call, which was generating zombies under some circumstances. Sample nxlog.conf files have been added.

  • Now available as Open Source

    We are happy to announce that we have released NXLOG under an open source license (GPL/LGPL) today. This includes thousands of lines of source code and several years of development work.
    Source code and binaries are available from the downloads section.
    Enjoy!