NXLog User Guide

This directive instructs the module to connect to a remote socket. The argument must be an IP address when SocketType is set to TCP or SSL. Otherwise it must be a name of a socket for UDS. Connect cannot be used together with the Listen directive. Multiple xm_soapadmin instances may be configured if multiple administration ports are required.

This directive instructs the module to accept connections. The argument must be an IP address when SocketType is TCP or SSL. Otherwise it must be the name of a socket for UDS. Listen cannot be used together with the Connect directive. Multiple xm_admin instances may be configured if multiple administration ports are required. If neither Listen nor Connect are specified, the module will listen with SocketType TCP on 127.0.0.1.

This specifies the port number used with the Listen or Connect modes. The default port is 8080.

This block defines directories which can be used with the GetFile and PutFile web service requests. The name of the ACL is used in these requests together with the filename. The filename can contain only characters [a-zA-Z0-9-._], so these file operations will only work within the directory.

Example 481. ACL Block Allowing Read and Write on Files in the Directory

This ACL is named "conf" and allows both GetFile and PutFile requests on the specified directory.

nxlog.conf

  
1
2
3
4
5

  
<ACL conf>
     Directory /var/run/nxlog/configs
     AllowRead TRUE
     AllowWrite TRUE
</ACL>

This optional directive can be used to specify an IP address or a network that is allowed to connect. The directive can be specified more than once to add different IPs or networks to the whitelist. The following formats can be used:

This boolean directive specifies that the remote connection should be allowed without certificate verification. If set to TRUE the remote will be able to connect with unknown and self-signed certificates. The default value is FALSE: all connections must present a trusted certificate. This directive is only valid if SocketType is set to SSL.

This specifies the path to a directory containing certificate authority (CA) certificates, which will be used to check the certificate of the remote socket. The certificate filenames in this directory must be in the OpenSSL hashed format. This directive is only valid if SocketType is set to SSL. A remote’s self-signed certificate (which is not signed by a CA) can also be trusted by including a copy of the certificate in this directory.

This specifies the path of the certificate authority (CA) certificate, which will be used to check the certificate of the remote socket. This directive is only valid if SocketType is set to SSL. To trust a self-signed certificate presented by the remote (which is not signed by a CA), provide that certificate instead.

This specifies the path of the certificate file to be used for SSL connections. This directive is only valid if SocketType is set to SSL.

This specifies the path of the certificate key file to be used for SSL connections. This directive is only valid if SocketType is set to SSL.

This specifies the path to a directory containing certificate revocation lists (CRLs), which will be consulted when checking the certificate of the remote socket. The certificate filenames in this directory must be in the OpenSSL hashed format. This directive is only valid if SocketType is set to SSL.

This specifies the path of the certificate revocation list (CRL) which will be consulted when checking the certificate of the remote socket. This directive is only valid if SocketType is set to SSL.

With this directive, a password can be supplied for the certificate key file defined in CertKeyFile. This directive is only valid if SocketType is set to SSL. This directive is not needed for password-less private keys.

This directive has been deprecated as of version 2.4. The module will try to reconnect automatically at increasing intervals on all errors.

This boolean directive specifies that the remote must present a certificate. If set to TRUE and there is no certificate presented during the connection handshake, the connection will be refused. The default value is TRUE: each connection must use a certificate. This directive is only valid if SocketType is set to SSL.

This directive sets the connection type. It can be one of the following:

This optional directive can be used to set the permitted SSL cipher list, overriding the default. Use the format described in the ciphers(1ssl) man page.

This boolean directive allows you to enable data compression when sending data over the network. The compression mechanism is based on the zlib compression library. If the directive is not specified, it defaults to FALSE (compression is disabled).

This directive can be used to set the allowed SSL/TLS protocol(s). It takes a comma-separated list of values which can be any of the following: SSLv2, SSLv3, TLSv1, TLSv1.1, and TLSv1.2. By default, the TLSv1, TLSv1.2, and TLSv1.2 protocols are allowed. Note that the OpenSSL library shipped by Linux distributions may not support SSLv2 and SSLv3, in which case these will not work even if enabled with SSLProtocol.

Download a file from the NXLog agent. This will only work if the specified ACL exists.

Download the log file from the NXLog agent.

Request information about a module instance.

Restart a module instance.

Start a module instance.

Stop a module instance.

Upload a file to the NXLog agent. This will only work if the specified ACL exists. A file can be a configuration file, certificate or certificate key, pattern database, correlation rule file, etc. Using this method enables NXLog to be reconfigured from a remote host.

Request information about the server. This will also return info about all module instances.

Restart the server.

Start all modules of the server, the opposite of ServerStop.

Stop all modules of the server. Note that the NXLog process will not exit, otherwise it would be impossible to make it come back online remotely. Extension modules are not stopped for the same reason.