send iis log to logserver
Tags:
ossim log server
#1
BZ_708214
hi
who i can get iis web server logs and then send them to ossim log server?
Hello,
you might want to start with Microsoft docs related to IIS log configuration. Once you have it done, you may approach the problem in several ways, for instance, you can use xm_csv to parse the result and push it anywhere you wish.
Sample nxlog.conf part for parsing might look like this - it comes from our documentation, you can find many answers there:
<Extension w3c_parser>
Module xm_csv
Fields date, time, s-ip, cs-method, cs-uri-stem, cs-uri-query, \
s-port, cs-username, c-ip, cs(User-Agent), cs(Referer), \
sc-status, sc-substatus, sc-win32-status, time-taken
FieldTypes string, string, string, string, string, string, integer, \
string, string, string, string, integer, integer, integer, \
integer
Delimiter ' '
EscapeChar '"'
QuoteChar '"'
EscapeControl FALSE
UndefValue -
</Extension>
<Input iis_w3c>
Module im_file
File 'C:\inetpub\logs\LogFiles\W3SVC*\u_ex*.log'
<Exec>
if $raw_event =~ /^#/ drop();
else
{
w3c_parser->parse_csv();
$EventTime = parsedate($date + "T" + $time + ".000Z");
}
</Exec>
</Input>
In case of sending it - I'm guessing you want to use UDP, so please, take a look at the om_udp module - docs are here.
Good luck,
Rafal
