Send custom value in iis_log message
Anbers
I want to know is possible send, with the iis log message, a custom field and value. Actually this is my config:
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
<Extension _gelf>
#Module xm_syslog
Module xm_gelf
#Module xm_json
</Extension>
<Extension w3c_parser>
Module xm_csv
Fields date, time, s-ip, cs-method, cs-uri-stem, cs-uri-query, \
s-port, cs-username, c-ip, cs(User-Agent), cs(Referer), \
sc-status, sc-substatus, sc-win32-status, time-taken
FieldTypes string, string, string, string, string, string, integer, \
string, string, string, string, integer, integer, integer, \
integer
Delimiter ' '
EscapeChar '"'
QuoteChar '"'
EscapeControl FALSE
UndefValue -
</Extension>
<Input in2>
Module im_file
File "c:\\logs\\app\\iislog\\u_extend1.log"
<Exec>
if $raw_event =~ /^#/ drop();
else
{
w3c_parser->parse_csv();
$EventTime = parsedate($date + "T" + $time + ".000Z");
}
</Exec>
</Input>
<Output out>
Module om_udp
Host 172.28.36.25
Port 12201
#Exec to_syslog_snare();
OutputType GELF
</Output>
<Route 1>
Path in2 => out
</Route>
This work great but i need to add a custom and static value in the message, like : FIELD: "system" , VALUE: "program1". and this value is always the same
date, time, s-ip, cs-method, cs-uri-stem, cs-uri-query, s-port, cs-username, c-ip, cs(User-Agent), cs(Referer), sc-status, sc-substatus, sc-win32-status, time-taken,**system**
Is this possible?
Thanks!
