Collecting IIS Logs
I cannot seem to get NXLog to ship IIS Logs to LogAnalyzer. It is collecting Event logs perfectly. I have commented out all event logs in an attempt to isolate just IIS flow and there is nothing.
define ROOT C:\\Program Files (x86)\\nxlog
define ROOT_STRING C:\\Program Files (x86)\\nxlog
define CERTDIR %ROOT%\\cert
Moduledir %ROOT%\\modules
CacheDir %ROOT%\\data
Pidfile %ROOT%\\data\\nxlog.pid
SpoolDir %ROOT%\\data
LogFile %ROOT%\\data\\nxlog.log
# Include fileop while debugging, also enable in the output module below
#<Extension fileop>
# Module xm_fileop
#</Extension>
<Extension json>
Module xm_json
</Extension>
#<Extension syslog>
# Module xm_syslog
#</Extension>
<Input internal>
Module im_internal
Exec $Message = to_json();
</Input>
<Input IIS>
Module im_file
File C:\inetpub\logs\LogFiles\W3SVC1\*
SavePos True
InputType LineBased
</Input>
# Windows Event Log
#<Input eventlog>
# Uncomment im_msvistalog for Windows Vista/2008 and later
# Module im_msvistalog
#Uncomment im_mseventlog for Windows XP/2000/2003
#Module im_mseventlog
# Exec $Message = to_json();
# Exec if ($EventID == 5156) drop();
# Exec if ($EventID == 4656) drop();
# Exec if ($EventID == 4658) drop();
#</Input>
<Output out>
Module om_tcp
Host x.x.x.x
Port 514
</Output>
<Route 1>
Path internal, eventlog => out
</Route>
I am sure I am missing something simple. I have tried file path quotes (single and double), several different Input configs with varying levels of detail, I have tried variations of the wildcard to pull the log file, I even tried changing to double slashes in the file path (grasping at straws with that one).....
Any ideas would be appreicated...
You probably need this:
File 'C:\inetpub\logs\LogFiles\W3SVC1\\*'
See the note in the reference manual for an explanation.