126. Box
The Box add-on can be used to pull events from Box using their REST API. Events will be passed to NXLog in Syslog format with the JSON event in the message field.
To set up the add-on, follow these steps.
The script saves the current timestamp to a state file in order to properly
resume when it is terminated. If the state file does not exist, the script
will collect logs beginning with the current time. To manually specify a
starting timestamp (in milliseconds since the epoch), pass it as an argument:
./box-pull.pl --stream_position=1440492435762
This configuration uses the im_exec module to run the script, which connects to Box and returns Syslog-encapsulated JSON. The xm_syslog parse_syslog() and xm_json parse_json() procedures are used to parse each event into internal NXLog fields. Further modifications to the field set can be added, as required, in the Exec block of the Input instance.
For the sake of demonstration, all internal fields are then converted back to JSON and written to file.
<Extension _json>
    Module  xm_json
</Extension>

<Extension _syslog>
    Module  xm_syslog
</Extension>

<Input box>
    Module  im_exec
    Command /opt/nxlog/lib/nxlog/box-pull.pl
    Arg     --client_id=YEKigehUh0u4pXeKSgKzwTbfii2stCwU
    Arg     --client_secret=3VRiqMuPDuUYeTXA5Ds9R0B4TnL35WRy
    Arg     --enterprise_id=591376
    Arg     --oauthurl=https://api.box.com/oauth2/token
    Arg     --certkeyfile=privkey.pem
    Arg     --baseurl=https://api.box.com/2.0
    Arg     --pollinterval=5
    Arg     --statefile=/opt/nxlog/var/lib/nxlog/box-pull.dat
    Arg     --syslogpri=<13>
    <Exec>
        parse_syslog();
        parse_json($Message);
    </Exec>
</Input>

<Output file>
    Module  om_file
    File    '/tmp/output'
    Exec    to_json();
</Output>
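
The two parsing steps in the Exec block, traced on a single line as an added Python illustration (not part of the add-on or of NXLog). The sample line is constructed: the BSD Syslog framing, the "box-pull" tag and the event body are assumptions, while the <13> priority matches the --syslogpri argument above.

```python
import json
import re

# Constructed sample: the BSD Syslog (RFC 3164) framing, the "box-pull" tag and
# the event body are assumptions for illustration, not captured add-on output.
SAMPLE = ('<13>Aug 25 10:47:15 boxhost box-pull: '
          '{"event_type": "LOGIN", "event_id": "constructed-0001", '
          '"created_at": "2015-08-25T10:47:15-07:00", '
          '"created_by": {"login": "user@example.com"}, '
          '"ip_address": "192.0.2.10"}')

SEVERITIES = ["EMERG", "ALERT", "CRIT", "ERR",
              "WARNING", "NOTICE", "INFO", "DEBUG"]
BSD_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<time>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$")


def parse_syslog(line):
    """Split the Syslog envelope into fields named after xm_syslog's."""
    m = BSD_LINE.match(line)
    if m is None or int(m.group("pri")) > 191:
        raise ValueError("not a valid BSD Syslog line")
    facility, severity = divmod(int(m.group("pri")), 8)  # PRI = fac*8 + sev
    return {
        "SyslogFacilityValue": facility,
        "SyslogSeverityValue": severity,
        "SyslogSeverity": SEVERITIES[severity],
        "EventTime": m.group("time"),
        "Hostname": m.group("host"),
        "SourceName": m.group("tag"),
        "Message": m.group("msg"),
    }


def parse_event(line):
    """Envelope first, then promote the JSON object's keys to fields."""
    event = parse_syslog(line)
    try:
        body = json.loads(event["Message"])
    except json.JSONDecodeError:
        return event            # leave Message as-is for later inspection
    if isinstance(body, dict):
        event.update(body)      # JSON keys win on a name clash; nesting is kept
    return event


if __name__ == "__main__":
    print(json.dumps(parse_event(SAMPLE), indent=2))   # comparable to to_json()
```

A line whose message is not valid JSON keeps only the envelope fields, so it can still be written out and inspected instead of being dropped.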