I cannot seem to get NXLog to ship IIS Logs to LogAnalyzer.  It is collecting Event logs perfectly.  I have commented out all event logs in an attempt to isolate just IIS flow and there is nothing.

define ROOT C:\\Program Files (x86)\\nxlog
define ROOT_STRING C:\\Program Files (x86)\\nxlog
define CERTDIR %ROOT%\\cert
Moduledir %ROOT%\\modules
CacheDir %ROOT%\\data
Pidfile %ROOT%\\data\\nxlog.pid
SpoolDir %ROOT%\\data
LogFile %ROOT%\\data\\nxlog.log
# Include fileop while debugging, also enable in the output module below
#<Extension fileop>
# Module xm_fileop
<Extension json>
 Module xm_json
#<Extension syslog>
# Module xm_syslog
<Input internal>
 Module im_internal
 Exec $Message = to_json();


<Input IIS>
   Module im_file
 File C:\inetpub\logs\LogFiles\W3SVC1\*
 SavePos True
 InputType LineBased

# Windows Event Log
#<Input eventlog>
# Uncomment im_msvistalog for Windows Vista/2008 and later
# Module im_msvistalog
#Uncomment im_mseventlog for Windows XP/2000/2003
#Module im_mseventlog
# Exec $Message = to_json();
# Exec if ($EventID == 5156) drop();
# Exec if ($EventID == 4656) drop();
# Exec if ($EventID == 4658) drop();
<Output out>
 Module om_tcp
 Host x.x.x.x
 Port 514
<Route 1>
 Path internal, eventlog => out


I am sure I am missing something simple.  I have tried file path quotes (single and double), several different Input configs with varying levels of detail, I have tried variations of the wildcard to pull the log file, I even tried changing to double slashes in the file path (grasping at straws with that one).....


Any ideas would be appreicated...

AskedNovember 3, 2015 - 3:31pm

Comments (1)

Answers (0)