ddreier/gist:d3cc5ca730d9fd40df18

## gistfile1.txt
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

define ROOT C:\Program Files\nxlog
#define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension json>
    Module      xm_json
</Extension>

<Extension w3c>
  #map iis log fields to Field Types
    Module      xm_csv
    Fields      $date, $time, $website, $hostname, $serverip, $verb, $request, $querystring, $dstport, $user, $clientip, $httpversion, $useragent, $cookie, $referrer, $fqdn, $status, $substatus, $sc_win32_status, $sc_bytes, $cs_bytes, $time_taken
    FieldTypes  string, string, string, string, string, string, string, string, string, string, string, string, string, string, string, string, integer, integer, integer, integer, integer, integer
    Delimiter   ' '
</Extension>

<Input internal>
	Module im_internal
</Input>

<Input eventlog>
    Module      im_msvistalog
</Input>

<Input iis-logs>
	Module      im_file
	File 'C:\inetpub\logs\LogFiles\W3SVC6\u_ex*.log'
	ReadFromLast TRUE
	Exec        if $raw_event =~ /^#/ drop();                    \
                else                                             \
                {                                                \
                    w3c->parse_csv();                            \
                    $EventTime = parsedate($date + " " + $time); \
                    to_json ();                                  \
                }
</Input>

<Output out>
    Module      om_tcp
    Host        x.x.x.x
    Port        3515
    Exec        $EventReceivedTime = integer($EventReceivedTime) / 1000000; \
                to_json();
</Output>

<Output iis-out>
	Module      om_tcp
	Host        x.x.x.x
	Port        3516
</Output>

<Route 1>
    Path        eventlog, internal => out
</Route>

<Route 2>
	Path		iis-logs => iis-out
</Route>
	## This is a sample configuration file. See the nxlog reference manual about the
	## configuration options. It should be installed locally and is also available
	## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

	## Please set the ROOT to the folder your nxlog was installed into,
	## otherwise it will not start.

	define ROOT C:\Program Files\nxlog
	#define ROOT C:\Program Files (x86)\nxlog

	Moduledir %ROOT%\modules
	CacheDir %ROOT%\data
	Pidfile %ROOT%\data\nxlog.pid
	SpoolDir %ROOT%\data
	LogFile %ROOT%\data\nxlog.log

	<Extension json>
	Module xm_json
	</Extension>

	<Extension w3c>
	#map iis log fields to Field Types
	Module xm_csv
	Fields $date, $time, $website, $hostname, $serverip, $verb, $request, $querystring, $dstport, $user, $clientip, $httpversion, $useragent, $cookie, $referrer, $fqdn, $status, $substatus, $sc_win32_status, $sc_bytes, $cs_bytes, $time_taken
	FieldTypes string, string, string, string, string, string, string, string, string, string, string, string, string, string, string, string, integer, integer, integer, integer, integer, integer
	Delimiter ' '
	</Extension>

	<Input internal>
	Module im_internal
	</Input>

	<Input eventlog>
	Module im_msvistalog
	</Input>

	<Input iis-logs>
	Module im_file
	File 'C:\inetpub\logs\LogFiles\W3SVC6\u_ex*.log'
	ReadFromLast TRUE
	Exec if $raw_event =~ /^#/ drop(); \
	else \
	{ \
	w3c->parse_csv(); \
	$EventTime = parsedate($date + " " + $time); \
	to_json (); \
	}
	</Input>

	<Output out>
	Module om_tcp
	Host x.x.x.x
	Port 3515
	Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; \
	to_json();
	</Output>

	<Output iis-out>
	Module om_tcp
	Host x.x.x.x
	Port 3516
	</Output>

	<Route 1>
	Path eventlog, internal => out
	</Route>

	<Route 2>
	Path iis-logs => iis-out
	</Route>