From e5b1e9d26cbb55959f8edaab305fb1ace92c76b0 Mon Sep 17 00:00:00 2001 From: Esther Kim Date: Thu, 12 Dec 2024 12:15:17 -0500 Subject: [PATCH] Update NXLog to include om_http module --- content/en/integrations/nxlog.md | 207 +++---------------------------- 1 file changed, 19 insertions(+), 188 deletions(-) diff --git a/content/en/integrations/nxlog.md b/content/en/integrations/nxlog.md index 6f4e3aef8262b..5fb0b8fc51313 100644 --- a/content/en/integrations/nxlog.md +++ b/content/en/integrations/nxlog.md @@ -10,7 +10,7 @@ doc_link: /integrations/nxlog/ aliases: - /logs/log_collection/nxlog has_logo: true -integration_title: nxlog +integration_title: NXLog is_public: true dependencies: ['https://github.com/DataDog/documentation/blob/master/content/en/integrations/nxlog.md'] @@ -22,20 +22,19 @@ integration_id: "nxlog" ## Overview -Configure NXLog to gather logs from your host, containers, & services. +Configure NXLog to gather logs from your host, containers, and services. ## Setup -### Log collection +The following outlines the setup for log collection through [TCP](#log-collection-over-tcp) or [HTTP](#log-collection-over-http) endpoints and [NXLog TLS encryption](#nxlog-tls-encryption). + +### Log collection over TCP {{< site-region region="us3,us5,ap1,gov" >}}
The TCP endpoint is not supported for your selected Datadog site ({{< region-param key="dd_site_name" >}}). For a list of logging endpoints, see Log Collection and Integrations.
{{< /site-region >}} -{{< site-region region="us1,eu" >}} -{{< tabs >}} -{{% tab "TCP" %}} 1. Configure NXLog to send your logs to your Datadog platform, replace the whole file in `C:\Program Files\nxlog\conf` by the following: ```conf @@ -69,8 +68,8 @@ Configure NXLog to gather logs from your host, containers, & services. ##TCP output module Module om_tcp - Host intake.logs.datadoghq.com - Port 10514 + Host {{< region-param key="web_integrations_endpoint" >}} + Port {{< region-param key="tcp_endpoint_port" >}} Exec to_syslog_ietf(); Exec $raw_event=" "+$raw_event; @@ -118,34 +117,9 @@ Configure NXLog to gather logs from your host, containers, & services. Exec $ddtags = 'env:test,:'; ``` -### NXLog TLS encryption - -1. Download the [CA certificate][1]. - -2. Add the `om_ssl` module in your NXLog configuration to enable secure transfer over port 10516: - - ```conf - - Module om_ssl - Host intake.logs.datadoghq.com - Port 10516 - Exec to_syslog_ietf(); - Exec $raw_event="my_api_key " + $raw_event; - CAFile /ca-certificates.crt - AllowUntrusted FALSE - - ``` - -[1]: /resources/crt/ca-certificates.crt - -{{< /site-region >}} - -{{< tabs >}} -{{% tab "Datadog US site" %}} +### Log collection over HTTP -1. Configure NXLog to send your logs to your Datadog platform, replace the whole file in `C:\Program Files\nxlog\conf` by the following: - - ```conf +```conf ## Set the ROOT to the folder your nxlog was installed into, ## otherwise it won't start. #To change for your own system if necessary @@ -173,11 +147,11 @@ Configure NXLog to gather logs from your host, containers, & services. # Module im_mseventlog ############ OUTPUTS ############## - ##TCP output module + ##HTTP output module - Module om_tcp - Host intake.logs.datadoghq.com - Port 10514 + Module om_http + URL {{< region-param key="http_endpoint" >}} + Port {{< region-param key="http_port" >}} Exec to_syslog_ietf(); Exec $raw_event=" "+$raw_event; 
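Review bot: The new `om_http` output block in the `@@ -173,11 +147,11 @@` hunk sets no certificate-verification directives, and nothing visible here guarantees that `http_endpoint` renders an `https://` URL. The `Exec $raw_event=...` line it keeps from the TCP example appears to prepend the API key to every event (the `om_ssl` example writes it as `my_api_key `), so a plain-HTTP or unverified connection would expose that key along with the logs. Since readers paste this block as-is, I would state above it that the URL must be HTTPS and add `HTTPSCAFile <path to CA bundle>` and `HTTPSAllowUntrusted FALSE`, mirroring the `CAFile` / `AllowUntrusted FALSE` pair in the `om_ssl` example. It is also worth confirming that `om_http` accepts a separate `Port` directive; as far as I know the port is part of `URL`, so that line may be rejected when the configuration is loaded. The code fence continues past the end of this hunk.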
@@ -185,45 +159,7 @@ Configure NXLog to gather logs from your host, containers, & services. Path syslogs => out - ``` - - Do not forget to replace `` in the format. - -2. Activate NXLog watchfile module for each file you want to monitor, add the following before the output section: - - ```conf - ##Module to watch a file - - Module im_file - File "PATH\\TO\\YOUR\\FILE1" - Exec $SourceName = ''; - SavePos TRUE - - ##include the message and add meta data - Exec $Message = $raw_event; - - ``` - -3. Make sure those files are plugged in the output section: - - ```conf - - Path FILE_WATCH_1,FILE_WATCH_2,... => out - - ``` - -4. Restart NXLog. Open the service administrative tool: - - ```text - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Services.lnk - ``` - -5. (Optional) Set extra parameters or tags. Add any specific attribute to your logs in each input section of your NXLog configuration file. For instance, to specify the source that is used in Datadog to identify the integration the logs come from, use: - - ```conf - Exec $ddsource = 'mysourcevalue'; - Exec $ddtags = 'env:test,:'; - ``` +``` ### NXLog TLS encryption @@ -234,8 +170,8 @@ Configure NXLog to gather logs from your host, containers, & services. ```conf Module om_ssl - Host intake.logs.datadoghq.com - Port 10516 + Host {{< region-param key="web_integrations_endpoint" >}} + Port {{< region-param key="tcp_endpoint_port" >}} Exec to_syslog_ietf(); Exec $raw_event="my_api_key " + $raw_event; CAFile /ca-certificates.crt 
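Review bot: In the `@@ -234,8 +170,8 @@` hunk the `om_ssl` block now takes its port from `tcp_endpoint_port`, the same key the plaintext `om_tcp` block uses in the `@@ -69,8 +68,8 @@` hunk, although the two were previously hard-coded to different ports (10516 and 10514). If that key resolves to the unencrypted port, the TLS example will not connect, and the easy workaround for a reader is to fall back to `om_tcp`, which sends the API key prefix in `$raw_event` in clear text. I would point this block at a key that resolves to the TLS intake port, for example `Port {{< region-param key="TLS_PORT_KEY" >}}` (placeholder name). The step text above the fence is outside this hunk and should be checked so that it names the same port.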
@@ -244,116 +180,11 @@ Configure NXLog to gather logs from your host, containers, & services. ``` [1]: /resources/crt/ca-certificates.crt -{{% /tab %}} -{{% tab "Datadog EU site" %}} - -1. Configure NXLog to send your logs to your Datadog platform, replace the whole file in `C:\Program Files\nxlog\conf` by the following: - - ```conf - ## Set the ROOT to the folder your nxlog was installed into, - ## otherwise it won't start. - #To change for your own system if necessary - define ROOT C:\Program Files\nxlog - #define ROOT_STRING C:\Program Files\nxlog - #define ROOT C:\Program Files (x86)\nxlog - Moduledir %ROOT%\modules - CacheDir %ROOT%\data - Pidfile %ROOT%\data\nxlog.pid - SpoolDir %ROOT%\data - LogFile %ROOT%\data\nxlog.log - ##Extension to format the message in JSON format - - Module xm_json - - ##Extension to format the message in syslog format - - Module xm_syslog - - ########## INPUTS ########### - ##Input for windows event logs - - Module im_msvistalog - ##For windows 2003 and earlier use the following: - # Module im_mseventlog - - ############ OUTPUTS ############## - ##TCP output module - - Module om_tcp - Host tcp-intake.logs.datadoghq.eu - Port 1883 - Exec to_syslog_ietf(); - Exec $raw_event=" "+$raw_event; - - ############ ROUTES TO CHOOSE ##### - - Path syslogs => out - - ``` - Do not forget to replace `` in the format. - -2. Activate NXLog watchfile module for each file you want to monitor, add the following before the output section: - - ```conf - ##Module to watch a file - - Module im_file - File "PATH\\TO\\YOUR\\FILE1" - Exec $SourceName = ''; - SavePos TRUE - - ##include the message and add meta data - Exec $Message = $raw_event; - - ``` - -3. Make sure those files are plugged in the output section: - - ```conf - - Path FILE_WATCH_1,FILE_WATCH_2,... => out - - ``` - -4. Restart NXLog. Open the service administrative tool: - - ```text - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Services.lnk - ``` - -5. 
(Optional) Set extra parameters or tags. Add any specific attribute to your logs in each input section of your NXLog configuration file. For instance, to specify the source that is used in Datadog to identify the integration the logs come from, use: - - ```conf - Exec $ddsource = 'mysourcevalue'; - Exec $ddtags = 'env:test,:'; - ``` - -### NXLog TLS encryption - -1. Download the [CA certificate][1] - -2. Add the `om_ssl` module in your NXLog configuration to enable secure transfer over port 443: - - ```conf - - Module om_ssl - Host intake.logs.datadoghq.com - Port 443 - Exec to_syslog_ietf(); - Exec $raw_event="my_api_key " + $raw_event; - CAFile /ca-certificates.crt - AllowUntrusted FALSE - - ``` - - -[1]: /resources/crt/ca-certificates.crt -{{% /tab %}} -{{< /tabs >}} ## Troubleshooting -Need help? Contact [Datadog support][1]. +Need help? Contact [Datadog support][2]. -[1]: /help/ +[1]: /resources/crt/ca-certificates.crt +[2]: /help/