IIS7 W3C log parsing fails
Hello Guys,
I have a question about NXLog IIS7 W3C logs. I set NXLog up and it works basicaly but the NXLog logs are full with error messages like this:
2016-04-26 09:46:36 ERROR if-else failed at line 64, character 257 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; procedure 'parse_csv' failed at line 64, character 113 in C:\Program Files (x86)\nxlog\conf\nxlog.conf. statement execution has been aborted; couldn't parse integer: language=UK®ion=802&idfwbonavigation=180173.2
It look, the IIS logs contain an "=" sign in the $cs-uri-query field, and NXLog wants integer after the "=", however the field set to be string in the config file.
Have you ever met anything like this? And if yes, what could be the solution?
NXLog extension and input config:
<Extension exiis>
Module xm_csv
Fields $date $time $s-ip $cs-method $cs-uri-stem $cs-uri-query $s-port $cs-username $c-ip $cs(User-Agent) $cs(Cookie) $cs(Referer) $sc-status $sc-substatus $sc-win32-status $sc-bytes $cs-bytes $time-taken
FieldTypes string, string, string, string, string, string, integer, string, string, string, string, string, integer, integer, integer, integer, integer, integer
Delimiter ' '
QuoteChar '"'
EscapeControl FALSE
UndefValue -
</Extension>
<Input IIS>
Module im_file
File "D:\\Logs\\IIS\\W3SVC300\\u_ex*"
SavePos TRUE
Recursive FALSE
Exec if $raw_event =~ /^#/ drop(); \
else \
{ \
exiis->parse_csv(); \
$EventTime = parsedate($date + " " + $time); \
$EventTime = strftime($EventTime, "%Y-%m-%dT%H:%M:%SZ"); \
}
</Input>
