How To Install NxLog Using Ansible


In this article, you will learn how to install NxLog in a remote server, (or a set of servers) using Ansible. NXLog is a multi-platform log collection and centralization tool that offers log processing features, including log enrichment (parsing, filtering, and conversion) and log forwarding. It supports all major operating systems such as Windows, Mac OS, RHEL, Debian, Ubuntu. Among others, one of the main advantages of NxLog is that offers flexibility, low CPU core count to operate, and a small memory footprint.

Ansible is a configuration management tool that streamlines various workflows of Server Administration tasks like installing and updating software packages, configuring installed software, or even provisioning infrastructure such as compute disks, formatting, and mounting them.


  1. A provisioned server or a set of servers, with known public IPs and externally accessible.
  2. Root access, and a non-root user with Sudo privileges.
  3. Ansible installed on your local machine.
  4. A junior level of technical system administration competency.

Step 1: Create SSH Keys

The reason that SHH Keys needs to be created, its because Ansible uses SSH which will allow it to log in to remote servers and perform its predefined tasks. You may think of it as SSH on steroids. For creating our keys, we will be using the ed25519 algorithm which is considered safer than the RSA algorithm.

ssh-keygen -t ed25519 -f .ssh/ansible_id_ed25519 -C ""
  • -t defines the algorithm used to create the ssh key-pair.
  • -f defines the filename of our key.
  • -C defines a comment.

You should see something similar to this:

root@DESKTOP-I16BCCU:~# ssh-keygen -t ed25519 -f .ssh/ansible_id_ed25519 -C ""
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/ansible_id_ed25519
Your public key has been saved in .ssh/
The key fingerprint is:
The key's randomart image is:
+--[ED25519 256]--+
|         .+o++**B|
|         ..B+*B=+|
|        . = +=+*o|
|         = o .o.+|
|        S *    ..|
|         =     o |
|        o o.  . .|
|       o o .o   .|
|        o .o.  E |

Now that you created your private and public ssh key pair, you will have to copy the public key to your remote server. This can be done like so:

ssh-copy-id -i .ssh/ username@ip_address

What this command actually does under the hood, is that it just copies your public key to your specified user’s authorized_keys file.

Note that the public key copied to authorized_keys, will only work for the user you specified in ssh-copy-id command, which at the example above is “username”. If you have configured your DNS “A” records to point to your server’s ip, then you can use a domain name as well.

When you run the command above, you will be asked to type the user’s password when connecting to the server. Type it, hit Enter, and then the key will be automatically appended to the authorized_keys file. From that point on, you have enabled password-less login to your server, and Ansible is ready to perform its actions.

If you encounter the error “Permission denied (publickey)” while you copy your public key to the remote server, then follow the steps below:

  1. On Linux systems, ssh to the remote server and edit the file located at /etc/ssh/sshd_config, and make sure PasswordAuthentication yes is uncommented. Then restart the daemon with sudo systemctl restart sshd
  2. On Windows, ssh to the remote server and edit the file located at C:\ProgramData\ssh\sshd_config and uncomment #PasswordAuthentication yes.

Step 2:  Installing NxLog With Ansible

Ideally, we need to write a simple Ansible Playbook that installs NxLog in an operating system agnostic way. This way will allow the appropriate Nxlog setup file, to be installed to the correct operating system.

To keep things simple, we shall create an ansible-playbook that will handle all the necessary tasks for us. For those that haven’t worked with Ansible, there are two very basic things to know:

  • We need to set up ssh key-pairs for Ansible to communicate with the server or servers (this topic is already covered).
  • We need to create an inventory file that will hold the IP Addresses of the servers we want our tasks to run on.
  • A vars.yml file needs to be created. This file is a simple key : value YAML file that holds some variables we define.

The inventory file is a file that we can use to group our servers into certain groups. This can be done by simply typing the group name inside square brackets. For instance [nxlog_servers].

Having these basics in mind, we may proceed to create our first Playbook. Now run the command:

mkdir ansible; touch ansible/playbook.yml; touch vars.yml; touch inventory; cd ansible

The command above will create a directory named “ansible”, a playbook.yml file, a vars.yml file, and an inventory file, within that directory. Lastly, it changes our current working directory inside the ansible folder.

First, we need to populate the inventory file with the following inventory contents:


ubuntu ansible_ssh_host= #replace with the server ip address you want nxlog to be installed

Then we need to create the vars.yaml file with the variables we want to use in our playbook. These variables will be the URLs of the downloadable packages that we need to install, and each one of them will be mapped to a variable to be used.



Now you have to begin editing the playbook.yml file with the tasks that we want to be executed. For the purpose of this tutorial, these are 2 tasks. Installing NxLog, and starting it up.


- hosts: nxlog_servers
    - vars.yml
  become: true
  become_user: root

    - name: Install NxLog For Ubuntu Focal
        deb: "{{ ubuntu_focal_url }}"
      when: "ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'focal'"

    - name: Start NxLog On Ubuntu Focal
      command: service nxlog start
      when: "ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'focal'"

    - name: Install NxLog For Debian Buster
        deb: "{{ debian_buster_url }}"
      when: "ansible_distribution == 'Debian' and ansible_distribution_release == 'buster'"

    - name: Start NxLog On Debian Buster
      command: systemctl start nxlog
      when: "ansible_distribution == 'Debian' and ansible_distribution_release == 'buster'"

    - name: Install NxLog For RHEL 8 (Centos 8)
        name="{{ rhel_8_url }}"
      when: "ansible_distribution == 'RedHat' and ansible_distribution_major_version == '8'"

    - name: Start NxLog For RHEL 8 (Centos 8)
      command: systemctl start nxlog
      when: "ansible_distribution == 'RedHat' and ansible_distribution_major_version == '8'"

    - name: Install NxLog For Windows
        path: "{{ windows_url }}"
        state: present
      when: ansible_distribution == 'Windows'

    - name: Start NxLog NxLog For Windows
      win_command: 'C:\Program Files\nxlog\nxlog.exe -f'
      when: ansible_distribution == 'Windows'

The command to execute the playbook is:

ansible-playbook -i inventory -u your_user_name --ask-become-pass --private-key ~/.ssh/ansible_id_ed25519  playbook.yml

In the above command you can notice the command flags below:

  1. -i: This is the inventory your playbook will be using to log in to the servers.
  2. -u: The user the playbook will be using.
  3. –ask-become-pass: The user’s password in order to execute commands with Sudo privileges.
  4. –private-key: The private key location you have already created in Step 1.

What is really happening under the hood is that Ansible is logging in as a non-root user, and after it successfully logs in a privilege escalation takes place, and all tasks are executed as root. This is a more secure way than logging in directly as a root user.


PLAY [nxlog_servers] ***********************************************************

TASK [Gathering Facts] *********************************************************
ok: [ubuntu]

TASK [Install NxLog For Ubuntu Focal] *****************************************
ok: [ubuntu]

TASK [Start NxLog On Ubuntu Focal] *********************************************
changed: [ubuntu]

TASK [Install NxLog For Debian Buster] ****************************************
skipping: [ubuntu]

TASK [Start NxLog On Debian Buster] ********************************************
skipping: [ubuntu]

TASK [Install NxLog For RHEL 8 (Centos 8)] ************************************
skipping: [ubuntu]

TASK [Start NxLog For RHEL 8 (Centos 8)] ***************************************
skipping: [ubuntu]

TASK [Install NxLog For Windows] **********************************************
skipping: [ubuntu]

TASK [Start NxLog NxLog For Windows] *******************************************
skipping: [ubuntu]

PLAY RECAP *********************************************************************
ubuntu                     : ok=3    changed=1    unreachable=0    failed=0    skipped=6    rescued=0    ignored=0

As you can see, Ansible successfully recognized that the only operating system candidate for installing Nxlog was Ubuntu, and it went ahead and proceed with the installation while skipping all the rest.

Playbook Explanation

Below you will learn what each section of the playbook actually does:

  1. hosts: The purpose of the “hosts” is to define to which exactly servers will be remotely accessed (the techy word is “sshed”), to perform the tasks that you instructed it to do.
  2. vars_files: This is actually a list with the files containing the variables you will be using later on. Multiple var files can be declared. As you have noticed by now, the playbook contains the variables we declared to the vars.yml file inside double curly brackets, which is also inside double-quotes. This is Ansible’s method of variable expansion.
  3. become: This instructs Ansible that it will be using another user than the one that the ssh-keys were made for. In the playbook demonstrated above,  that user is the root user. This is mandatory because NxLog is not installed in the user’s $HOME directory, and outside of it there are by default, no write permissions.
  4. become_user: This is the user that was just discussed above, the root user in our case. Depending on the task, it might be different.
  5. tasks: This section contains a list of the tasks that will be executed on the remote servers.

Each task has multiple portions:

  • name: The name of the task.
  • apt: Used to invoke the Debian/Ubuntu native package manager that installs, upgrades, or removes a program.
  • deb: Path to a .deb package. Can be a URL or a local file. If :// in the path, Ansible will attempt to download deb before installing.
  • command: The command to run on the remote machine. Alternatively, cmd: | can be used instead to execute multiple commands.
  • yum: Used to invoke the RHEL native package manager that installs, upgrades, or removes a program.
  • win_package: Used to invoke the Windows Installer, that installs, upgrades, or removes a program.
  • when: Is used to define basic conditionals. It’s similar to if-else which is used in many programming languages.


By finishing reading this tutorial you should be already familiar with what Nxlog is, and how it can be installed with Ansible, one of the most popular configuration management tools.