IIS Log reading to parse then Syslog | Log collection solutions

#1 smartdave 5 years ago

Good afternoon. I am trying to see if NXlog can solve a use case I have with IIS.

Input file file contains:

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken 2017-11-22 11:00:17 192.168.30.60 HEAD /Autodiscover - 443 - 192.168.30.58 HttpProxy.ClientAccessServer2010Ping 401 2 5 325 166 0

What I was hoping I could do with NXlog was to read the log file then send it in syslog in key value pairs using the fields I defined (which would match what IIS gives me

I need Nxlog to send in syslog ->

<12> date="2017-11-22",time="11:00:17",s-ip="192.168.30.60",cs-method="HEAD".....

Thanks

Dave

Permalink

#2 b0ti Nxlog ✓ 5 years ago

#1 smartdave

Good afternoon. I am trying to see if NXlog can solve a use case I have with IIS. Input file file contains: #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken 2017-11-22 11:00:17 192.168.30.60 HEAD /Autodiscover - 443 - 192.168.30.58 HttpProxy.ClientAccessServer2010Ping 401 2 5 325 166 0 What I was hoping I could do with NXlog was to read the log file then send it in syslog in key value pairs using the fields I defined (which would match what IIS gives me I need Nxlog to send in syslog -> <12> date="2017-11-22",time="11:00:17",s-ip="192.168.30.60",cs-method="HEAD"..... Thanks Dave

This is doable. You can parse IIS logs with parse_w3c() or parse_csv(), then convert to KVP and finally to syslog:

<Exec> 
  parse_w3c();
  $Message = to_kvp();
  to_syslog_bsd();
</Exec>