1
response

I cannot seem to get NXLog to ship IIS Logs to LogAnalyzer.  It is collecting Event logs perfectly.  I have commented out all event logs in an attempt to isolate just IIS flow and there is nothing.

define ROOT C:\\Program Files (x86)\\nxlog
define ROOT_STRING C:\\Program Files (x86)\\nxlog
define CERTDIR %ROOT%\\cert
 
Moduledir %ROOT%\\modules
CacheDir %ROOT%\\data
Pidfile %ROOT%\\data\\nxlog.pid
SpoolDir %ROOT%\\data
LogFile %ROOT%\\data\\nxlog.log
 
# Include fileop while debugging, also enable in the output module below
#<Extension fileop>
# Module xm_fileop
#</Extension>
 
<Extension json>
 Module xm_json
</Extension>
 
#<Extension syslog>
# Module xm_syslog
#</Extension>
 
<Input internal>
 Module im_internal
 Exec $Message = to_json();
</Input>

 

<Input IIS>
   Module im_file
 File C:\inetpub\logs\LogFiles\W3SVC1\*
 SavePos True
 InputType LineBased
</Input>

 
 
# Windows Event Log
#<Input eventlog>
# Uncomment im_msvistalog for Windows Vista/2008 and later
# Module im_msvistalog
 
#Uncomment im_mseventlog for Windows XP/2000/2003
#Module im_mseventlog
 
# Exec $Message = to_json();
# Exec if ($EventID == 5156) drop();
# Exec if ($EventID == 4656) drop();
# Exec if ($EventID == 4658) drop();
#</Input>
 
<Output out>
 Module om_tcp
 Host x.x.x.x
 Port 514
</Output>
 
<Route 1>
 Path internal, eventlog => out
</Route>

 

I am sure I am missing something simple.  I have tried file path quotes (single and double), several different Input configs with varying levels of detail, I have tried variations of the wildcard to pull the log file, I even tried changing to double slashes in the file path (grasping at straws with that one).....

 

Any ideas would be appreicated...

AskedNovember 3, 2015 - 3:31pm

Comments (1)

Answers (0)