nxlog config for event log and IIS logs

#1 Milton.Markose

Hi, we're evaluating nxlog to forward event logs and IIS logs from the same server in SYSLOG format to a centralised log server. The event logs are reaching correctly, but not the IIS logs. Please see the configuration settings. Your help would be highly appreciated.

============================================================

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Input eventlog>
    Module      im_msvistalog
# For windows 2003 and earlier use the following:
#   Module      im_mseventlog
</Input>

<Extension w3c>
    Module    xm_csv
    Fields    $date, $time, $site, $dstip, $HTTPMethod, $URIStem, $URIQuery, $port, $username, $srcip, $UserAgent, $HTTPStatus, $SubStatus, $win32Status
    FieldTypes    string, string, string, string, string, string, string, string, string, string, string, string, string, string
    Delimiter    ' '
</Extension>

<Input IIS_Log>
    Module    im_file
    File    "C:\WINDOWS\System32\LogFiles\W3SVC1\ex*"
    ReadFromLast TRUE
    # Drop the W3C legend lines (#Software, #Version, #Date, #Fields)
    Exec    if $raw_event =~ /^#/ drop();\
            else\
            {\
                w3c->parse_csv();\
                $EventTime = parsedate($date + " " + $time);\
            }
</Input>

<Output out>
    Module      om_udp
    Host        X.X.X.X
    Port        514
    Exec        to_syslog_snare();
</Output>

<Route 1>
    Path        eventlog => out
</Route>

<Route 2>
    Path        IIS_Log => out
</Route>

#2 adm (nxlog)

You probably need single quotes for the File directive since the backslash is treated as an escape character in double quoted strings. See the note for the File directive in the documentation.
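The quoting fix described above, written out as an added example (not from the original post or from nxlog's own documentation). It keeps the poster's field list and assumes the logs really are at the path shown; the only change is how the File path is quoted.

```conf
# Added example: the IIS_Log input with a File path that survives parsing.
# Either of the two File forms below is fine; keep only one.
<Input IIS_Log>
    Module    im_file
    # Single-quoted: no escape processing, so backslashes are taken literally.
    File    'C:\WINDOWS\System32\LogFiles\W3SVC1\ex*'
    # Equivalent double-quoted form: each backslash has to be doubled.
    # File    "C:\\WINDOWS\\System32\\LogFiles\\W3SVC1\\ex*"
    # Before suspecting quoting, check that the glob matches a real file
    # (IIS 7 and later default to C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log).
    ReadFromLast TRUE
    # Drop the W3C legend lines (#Software, #Version, #Date, #Fields) and
    # parse everything else with the w3c xm_csv extension from the post.
    Exec    if $raw_event =~ /^#/ drop();\
            else\
            {\
                w3c->parse_csv();\
                $EventTime = parsedate($date + " " + $time);\
            }
</Input>
```

The Fields list in the w3c extension is positional, so it must match the #Fields: legend at the top of the log file; if IIS is set to log a different set of columns, parse_csv() will put values under the wrong names without any error.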