NXlog Community Edition

NXlog Community Edition is an open source, multiplatform, universal and completely free command-line application implemented in C as a log forwarder and log collector supporting some of the widely used operating systems and protocols.

Supports a wide variety of protocols

Key features include support for a wide variety of log protocols and sources, including CSV (Comma Separated Value), Syslog, Graylog2 GELF, Windows EventLog, JSON, XML, and others. It features a modular architecture based on dynamically loadable plugins.

Among other features, we can mention scalable, multi-threaded and high-performance I/O for collecting messages at amazing speeds, built-in log rotation, scheduled tasks, support for offline processing modes, pattern matching, event classification, and secure network transport over SSL.

It's modular and uses a simple configuration format

In addition, the software’s offline processing mode is available for transfers, conversions and post processing operations. Logs can be rewritten or converted between various file formats, pattern matching and event classification is also supported by the application, along with log message prioritization and buffering.

Thanks to its modular architecture, NXlog Community Edition supports dynamically loadable plugins that will enhance its functionality and bring even more astonishing functions. The program makes use of a simple configuration format for storing its options.

Command-line options

Default command-line options include support for running the program in the foreground, not as a daemon, support for specifying a custom configuration file, support for reloading the configuration file of an active instance, support for sending a stop signal to an active Nxlog session, as well as support for verifying the syntax of the configuration file. These options and the usage message can be viewed in a terminal emulator by running the ‘nxlog --help’ command.

Supported on all mainstream operating systems

NXlog Community Edition is a true multiplatform, officially supported on all mainstream operating systems, including Microsoft Windows, Solaris, BSD, AIX, HP-UX, as well as all distributions of Linux. Additionally, the software runs on the Android mobile operating platform.

What is new in this release:

• The rename_field() procedure was removing the field if the source and destination were the same.
• The regexp and regexp replacement operators can now be used as statements, i.e. Exec $Message =~ s/aaa/bbb/;
• Regular expressions now support the /m modifier to do multiline matching.
• Regular expressions now support the /i modifier to do caseless matching.
• Regular expressions now support the /s modifier to make the '.' match newline characters.
• Fixed a regression introduced with the ActiveFiles directive in im_file when more than one truncation
• did not get noticed. (ticket #40@sf) Credits go to 'savionat'.
• Implemented missing parser support for IPv4 literals.
• Added a host_ip() function to return the IP address associated with the hostname.
• Using exec_async() could have exhausted the memory if it was called at a very high rate.
• om_udp would stop sending messages in some cases after logging "apr_socket_send failed;Connection refused",
• e.g. when graylog2 was not accepting udp packets. It should properly resume now.
• The to_syslog_snare() formatter should now produce better snare compliant output.
• Replace space, ']' and '"' with underscore in IETF syslog structured data field names.
• Context cleaning would result in a segfault in pm_evcorr's thresholded rule if there was no triggering.
• im_tcp and im_ssl on windows is not limited to 500 connections anymore.
• Non-wildcarded File contents would get lost with ReadFromLast FALSE when the file did not exist
• but did appear with unread data.
• im_file does not emit "input file does not exist" warnings at every PollInterval.
• The file_name() function caused assertion failures in some cases on shutdown.
• A regression caused a crash with im_file when the File did not exist.
• A typo in the code was causing a memory leak with rename_field().

What is new in version 2.7.1189:

• The LICENSE has changed.
• Added a new extension module to parse binary wtmp files on Linux.
• Fixed a regression causing a crash after the 'failed to determine FQDN hostname' error message.
• The to_syslog_*() procedures can now use $raw_event if $Message is unset to make it easier to convert to syslog.
• Added a fix to im_msvistalog to handle the "EvtNext failed with error 13: The data is invalid." error better.
• The im_file module now emits the last event when using with the xm_multiline extension.
• Fixed the issue with more than 20 fiels and xm_multiline reported in ticket #33.
• Json parse errors in raw_event could cause a double free resulting in a crash or undefined behavior.
• It is now possible to use multiple instances of xm_perl.
• Disallow using a single processor module instance in multiple routes.
• The file_chown() procedure in xm_fileop works with user/group names in addtion to uid/gid values.
• CloseWhenIdle directive for im_file.
• File removal in some circumstances caused im_file to emit "input file does not exist" messages on windows.
• In same rare cases im_file would give a panic on windows with "im_file got EAGAIN for read".
• The regexp replacement operator s/// was leaking memory.
• In some circumstances excess CPU was used when im_file watched several files.
• Added some more performance optimizations to im_file to handle a large number of wildcarded files
• so that it should consume less resources than before. It also comes with a new DirCheckInterval and
• an ActiveFiles directive which can help in some cases when monitoring wildcarded files.
• Added a RenameCheck directive to im_file which should help detecting renamed/rotated files.
• The deb installer got stuck after trying to (re)start the daemon.