Let's Talk
Let's Talk

How can I create a custom nxlog.conf file with powershell?

Tags:
#1 adam

Hello, I want to send IIS W3C logs to the Syslog server. The nxlog.conf file is as follows. If we assume that there are too many domains on the server, I want to quickly create this config file with powershell. Is this possible?

In this configuration file, I can define the website and log directories manually. This is true, but it may be easier to add website and log directories by creating a "dynamically" config file.

When I add a wildcard "*" instead of website-name and folders with site ids such as W3SVC10, W3SVC11, no log is sent to the syslog server.

# Domain list:
Get-ChildItem C:\inetpub\vhosts -Directory -Exclude .skel,default,forwarding,Servers,sitebuilder,webmail | ForEach-Object {$_.Name}

# Log Directories Path:
Get-Website domain1.org | % { Join-Path ($_.logFile.Directory -replace '%SystemDrive%', $env:SystemDrive) "W3SVC$($_.id)" }
Get-Website domain2.net | % { Join-Path ($_.logFile.Directory -replace '%SystemDrive%', $env:SystemDrive) "W3SVC$($_.id)" }

If we can do this with an alternative method, it is not necessary to do it with powershell. Do you have any suggestions?

Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files (x86)\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf
define LOGDIR   %ROOT%\data
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data

<Extension json>
    Module      xm_json
</Extension>
 
<Extension syslog>
    Module xm_syslog
</Extension>
 
<Input internal>
    Module im_internal
</Input>
 
# Watch your IIS log files
<Input domain1.org>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain1.org\logs\iis\W3SVC8\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

# Watch your IIS log files
<Input domain2.net>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain2.net\logs\iis\W3SVC9\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

# Watch your IIS log files
<Input domain3.com>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain3.com\logs\iis\W3SVC10\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

# Watch your IIS log files
<Input domain4.ru>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain4.ru\logs\iis\W3SVC11\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

# Watch your IIS log files
<Input domain5.de>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain5.de\logs\iis\W3SVC12\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

# Watch your IIS log files
<Input domain6.nl>
    Module   im_file
    File     'C:\Inetpub\vhosts\domain6.nl\logs\iis\W3SVC13\u_ex*.log'
    SavePos  TRUE
	Recursive TRUE
    Exec     $Message = $raw_event;
</Input>

<Output out>
    Module om_udp
    Host 8.8.4.4
    Port 514
	
    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();
	
	# Uncomment for debug output
	# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>
 
<Route 1>
    Path internal, domain1.org, domain2.net, domain3.com, domain4.ru, domain5.de, domain6.nl  => out
</Route>
Permalink
#2 rafDeactivated Nxlog ✓
#1 adam
Hello, I want to send IIS W3C logs to the Syslog server. The nxlog.conf file is as follows. If we assume that there are too many domains on the server, I want to quickly create this config file with powershell. Is this possible? In this configuration file, I can define the website and log directories manually. This is true, but it may be easier to add website and log directories by creating a "dynamically" config file. When I add a wildcard "*" instead of website-name and folders with site ids such as W3SVC10, W3SVC11, no log is sent to the syslog server. # Domain list: Get-ChildItem C:\inetpub\vhosts -Directory -Exclude .skel,default,forwarding,Servers,sitebuilder,webmail | ForEach-Object {$_.Name} # Log Directories Path: Get-Website domain1.org | % { Join-Path ($_.logFile.Directory -replace '%SystemDrive%', $env:SystemDrive) "W3SVC$($_.id)" } Get-Website domain2.net | % { Join-Path ($_.logFile.Directory -replace '%SystemDrive%', $env:SystemDrive) "W3SVC$($_.id)" } If we can do this with an alternative method, it is not necessary to do it with powershell. Do you have any suggestions? Panic Soft #NoFreeOnExit TRUE define ROOT C:\Program Files (x86)\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data <Extension json> Module xm_json </Extension> <Extension syslog> Module xm_syslog </Extension> <Input internal> Module im_internal </Input> # Watch your IIS log files <Input domain1.org> Module im_file File 'C:\Inetpub\vhosts\domain1.org\logs\iis\W3SVC8\u_ex*.log' SavePos TRUE Recursive TRUE Exec $Message = $raw_event; </Input> # Watch your IIS log files <Input domain2.net> Module im_file File 'C:\Inetpub\vhosts\domain2.net\logs\iis\W3SVC9\u_ex*.log' SavePos TRUE Recursive TRUE Exec $Message = $raw_event; </Input> # Watch your IIS log files <Input domain3.com> Module im_file File 'C:\Inetpub\vhosts\domain3.com\logs\iis\W3SVC10\u_ex*.log' SavePos TRUE Recursive TRUE Exec $Message = $raw_event; </Input> # Watch your IIS log files <Input domain4.ru> Module im_file File 'C:\Inetpub\vhosts\domain4.ru\logs\iis\W3SVC11\u_ex*.log' SavePos TRUE Recursive TRUE Exec $Message = $raw_event; </Input> # Watch your IIS log files <Input domain5.de> Module im_file File 'C:\Inetpub\vhosts\domain5.de\logs\iis\W3SVC12\u_ex*.log' SavePos TRUE Recursive TRUE Exec $Message = $raw_event; </Input> # Watch your IIS log files <Input domain6.nl> Module im_file File 'C:\Inetpub\vhosts\domain6.nl\logs\iis\W3SVC13\u_ex*.log' SavePos TRUE Recursive TRUE Exec $Message = $raw_event; </Input> <Output out> Module om_udp Host 8.8.4.4 Port 514 Exec $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message"); Exec $raw_event = to_json(); # Uncomment for debug output # Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n"); </Output> <Route 1> Path internal, domain1.org, domain2.net, domain3.com, domain4.ru, domain5.de, domain6.nl => out </Route>

Hi Adam,

Wildcarts in folder names are not supported in Community Edition, but you may try using Recursive directive. In your case, something similar to the following should work:

 Module im_file
 File 'C:\\Inetpub\vhosts\domain3.com\logs\iis\'
 Recursive TRUE
Login to see more