perfmon-nxlog.conf

## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO

# nxlog internal log rotation and retention
define NXLOGFILE %ROOT%\data\nxlog.log

<Extension fileop>
    Module      xm_fileop

    # Check the size of our log file every x time and rotate if it is larger than x MB
    <Schedule>
        Every   1 min
        Exec    if (file_size('%NXLOGFILE%') >= 20M) file_cycle('%NXLOGFILE%', 5);
    </Schedule>

    # Rotate our log file every week on sunday at midnight
    <Schedule>
        When    @weekly
        Exec    file_cycle('%NXLOGFILE%', 5);
    </Schedule>
</Extension>

<Extension syslog>
    Module      xm_syslog
</Extension>

<Extension json>
    Module      xm_json
</Extension>

<Processor disk_buffer>
    Module      pm_buffer
    MaxSize     200000
    WarnLimit   190000
    Type    Disk
    Exec    if buffer_size() >= 195m drop();
</Processor>

# Perfmon input configs
<Extension perfmon>
    Module      xm_csv
    Fields  $EventTime,\
            $processor_time,\
            $memory_available,\
            $disk_idle_time, $disk_sec_pread, $disk_sec_pwrite, $disk_reads_psec, $disk_writes_psec, $disk_read_bytes_psec, $disk_write_bytes_psec, $disk_queue_length
    Delimiter   ','
    QuoteChar   '"'
    EscapeControl FALSE
    UndefValue  -1
</Extension>

<Input in_perfmon>
    Module  im_exec
    Command c:\windows\system32\typeperf.exe
    Arg     \Processor Information(_Total)\% Processor Time
    Arg     \Memory\Available Bytes
    Arg     \LogicalDisk(_Total)\% Idle Time
    Arg     \LogicalDisk(_Total)\Avg. Disk sec/Read
    Arg     \LogicalDisk(_Total)\Avg. Disk sec/Write
    Arg     \LogicalDisk(_Total)\Disk Reads/sec
    Arg     \LogicalDisk(_Total)\Disk Writes/sec
    Arg     \LogicalDisk(_Total)\Disk Read Bytes/sec
    Arg     \LogicalDisk(_Total)\Disk Write Bytes/sec
    Arg     \LogicalDisk(_Total)\Current Disk Queue Length
    Arg     -si
    Arg     10
    InputType LineBased
    <Exec>
        if $raw_event =~ /^\"\(/ drop();
        if $raw_event =~ s/\" \"/-1/g ;
        perfmon->parse_csv();
        $hostname = lc(hostname());
        $type = "perfmon";
        delete($EventReceivedTime);
        delete($SourceModuleName);
        delete($SourceModuleType);
        to_json();
    </Exec>
</Input>

# Send to Logstash
<Output out_logstash>
    Module  om_tcp
    Host    192.168.0.10
    Port    5000
    OutputType  LineBased
</Output>

<Route logstash_disk_buffer>
    Path    in_perfmon => disk_buffer => out_logstash
</Route>