109. Input Modules
Input modules are responsible for collecting event log data from various sources.
Each module provides a set of fields for each log message; these are documented in the corresponding sections below. The NXLog core adds the fields listed in the following section to this set.
- Process Accounting (im_acct) – Collects process accounting logs from a Linux or BSD kernel
- AIX Auditing (im_aixaudit) – Reads AIX Audit events directly from the kernel
- Azure (im_azure) – Connects to Azure and collects logs stored in a blob or table
- Batched Compression (im_batchcompress) – Accepts compressed log batches from another NXLog agent
- Basic Security Module Auditing (im_bsm) – Reads BSM Auditing logs directly from the kernel
- Check Point OPSEC LEA (im_checkpoint) – Collects logs remotely from Check Point devices
- DBI (im_dbi) – Collects log data from an external database with the libdbi library
- Event Tracing for Windows (im_etw) – Collects logs from ETW on Windows systems
- External Programs (im_exec) – Executes a program or script and reads log data from standard output
- Files (im_file) – Reads log messages from files
- File Integrity Monitoring (im_fim) – Scans files and directories and generates events for detected changes
- HTTP(s) (im_http) – Accepts log messages via HTTP or HTTPS connections
- Internal (im_internal) – Provides NXLog’s internal logs as an input source
- Kafka (im_kafka) – Collects event records from an Apache Kafka topic
- Kernel (im_kernel) – Reads messages from the kernel log buffer on Linux, BSD, or macOS
- Linux Audit System (im_linuxaudit) – Configures Linux Auditing and collects logs without requiring auditd
- Mark (im_mark) – Generates mark messages periodically
- EventLog for Windows XP/2000/2003 (im_mseventlog) – Collects EventLog messages from Windows 2003 and earlier
- EventLog for Windows 2008/Vista and Later (im_msvistalog) – Collects EventLog messages from recent versions of Windows
- Null (im_null) – Provides a dummy input for testing or scheduled execution
- Oracle OCI (im_oci) – Reads log data from an Oracle database
- ODBC (im_odbc) – Uses the ODBC abstraction layer to read log data from a database
- Perl (im_perl) – Provides a Perl API for generating log data
- Python (im_python) – Provides a Python API for generating log data
- Redis (im_redis) – Retrieves log data from a Redis server
- Windows Registry Monitoring (im_regmon) – Scans the Registry and generates events for detected changes
- Ruby (im_ruby) – Provides a Ruby API for generating log data
- TLS/SSL (im_ssl) – Accepts log data over SSL/TLS-secured connections
- TCP (im_tcp) – Accepts log data over TCP connections
- Test Generator (im_testgen) – Generates log data for testing purposes
- UDP (im_udp) – Accepts log data via UDP datagrams
- Unix Domain Sockets (im_uds) – Receives log messages over a local Unix domain socket
- Windows Performance Counters (im_winperfcount) – Generates event records containing Performance Counter values
- Windows Management Instrumentation (im_wmi) – Uses WMI to collect EventLog messages from remote Windows systems
- Windows Event Collector (im_wseventing) – Uses WEF to collect EventLog messages from remote Windows systems
- ZeroMQ (im_zmq) – Provides a log data input via ZeroMQ message transport