NXLog search
Let's talk Start free
Let's talk Start free

How can I create a custom nxlog.conf file with powershell?

View thread
adam

Hello, I want to send IIS W3C logs to the Syslog server. The nxlog.conf file is as follows. If we assume that there are too many domains on the server, I want to quickly create this config file with powershell. Is this possible?

In this configuration file, I can define the website and log directories manually. This is true, but it may be easier to add website and log directories by creating a "dynamically" config file.

When I add a wildcard "*" instead of website-name and folders with site ids such as W3SVC10, W3SVC11, no log is sent to the syslog server.

# Domain list:
Get-ChildItem C:\inetpub\vhosts -Directory -Exclude .skel,default,forwarding,Servers,sitebuilder,webmail | ForEach-Object {$_.Name}

# Log Directories Path:
Get-Website domain1.org | % { Join-Path ($_.logFile.Directory -replace '%SystemDrive%', $env:SystemDrive) "W3SVC$($_.id)" }
Get-Website domain2.net | % { Join-Path ($_.logFile.Directory -replace '%SystemDrive%', $env:SystemDrive) "W3SVC$($_.id)" }

If we can do this with an alternative method, it is not necessary to do it with powershell. Do you have any suggestions?

Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files (x86)\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf
define LOGDIR   %ROOT%\data
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data

<Extension json>
    Module      xm_json
</Extension>
 
<Extension syslog>
    Module xm_syslog
</Extension>
 
<Input internal>
    Module im_internal
</Input>
 
# Watch your IIS log files
<Input domain1.org>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain1.org\logs\iis\W3SVC8\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

# Watch your IIS log files
<Input domain2.net>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain2.net\logs\iis\W3SVC9\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

# Watch your IIS log files
<Input domain3.com>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain3.com\logs\iis\W3SVC10\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

# Watch your IIS log files
<Input domain4.ru>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain4.ru\logs\iis\W3SVC11\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

# Watch your IIS log files
<Input domain5.de>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain5.de\logs\iis\W3SVC12\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

# Watch your IIS log files
<Input domain6.nl>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain6.nl\logs\iis\W3SVC13\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

<Output out>
    Module om_udp
    Host 8.8.4.4
    Port 514
	
    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();
	
	# Uncomment for debug output
	# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>
 
<Route 1>
    Path internal, domain1.org, domain2.net, domain3.com, domain4.ru, domain5.de, domain6.nl  => out
</Route>