@ltudury
Last active January 14, 2020 20:29
NXLog configuration that can be used to send Windows events to Loggly. Include your unique customer token where specified.
## This is a sample NXLog configuration file created by Loggly. June 2013
## See the nxlog reference manual about the configuration options.
## It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
# Include your Loggly Customer Token here
define CUSTOMER_TOKEN 1234-567-890123-4567890
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
# Include fileop while debugging, also enable in the output module below
#<Extension fileop>
# Module xm_fileop
#</Extension>
<Extension json>
Module xm_json
</Extension>
<Extension syslog>
Module xm_syslog
</Extension>
<Input internal>
Module im_internal
Exec $Message = to_json();
</Input>
# Watch any file you'd like
<Input file_watch>
Module im_file
File "C:\\Program Files (x86)\\nxlog\\data\\nxlog.log"
SavePos TRUE
Exec $Message = to_json();
</Input>
<Input eventlog>
# Uncomment im_msvistalog for Windows Vista/2008 and later
Module im_msvistalog
# Uncomment im_mseventlog for Windows XP/2000/2003
# Module im_mseventlog
Exec $Message = to_json();
</Input>
<Output out>
Module om_tcp
# om_tcp sends events and the customer token over plain TCP, without TLS
Host logs-01.loggly.com
Port 514
# The customer token is substituted from the CUSTOMER_TOKEN define above; set it there
# Any tags specified will be accessible within Loggly. Space separated list.
Exec to_syslog_ietf();\
$raw_event = replace($raw_event, 'NXLOG@14506', '%CUSTOMER_TOKEN%@41058 tag="windows" tag="example"] [', 1);
# Use the following line for debugging (uncomment the fileop extension above as well)
#Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", $raw_event);
</Output>
<Route 1>
Path internal, file_watch, eventlog => out
</Route>
@jamescrowley

The escape sequence on line 28 is invalid - you need some more backslashes in there!

@ltudury
Author

ltudury commented Sep 4, 2013

Added! thanks. :)
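
A small checker for the escaping problem raised in the comments, as an added example that is not part of the original gist. It scans an NXLog configuration for double-quoted strings containing backslash sequences outside the set listed in the NXLog reference manual (`\\`, `\"`, `\n`, `\r`, `\t`, `\b`, `\xXX`; treated here as an assumption to verify against your NXLog version). The function names and the sample configuration are constructed for illustration.

```python
import re

# Escapes assumed valid inside double-quoted NXLog strings: \\ \" \n \r \t \b \xXX
SIMPLE_ESCAPES = set('\\"nrtb')
# Single-quoted strings are matched first and skipped (assumed to take no escapes),
# so double quotes nested in them, e.g. 'tag="windows"', are not misread.
STRING = re.compile(r"""'[^']*'|"((?:[^"\\]|\\.)*)\"""")

def bad_escapes(body):
    """Return the invalid escape sequences in one double-quoted string body."""
    bad, i = [], 0
    while i < len(body):
        if body[i] != "\\":
            i += 1
            continue
        nxt = body[i + 1:i + 2]
        if nxt in SIMPLE_ESCAPES:
            i += 2
        elif nxt == "x" and re.fullmatch(r"[0-9A-Fa-f]{2}", body[i + 2:i + 4]):
            i += 4
        else:
            bad.append("\\" + nxt)
            i += 2
    return bad

def lint(config_text):
    """Return (line_no, sequence) pairs. Commented-out lines are checked too,
    so a debug line is already correct when someone uncomments it."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        for m in STRING.finditer(line):
            if m.group(1) is not None:
                findings += [(no, seq) for seq in bad_escapes(m.group(1))]
    return findings

# Constructed sample: line 3 has a single backslash before "data".
SAMPLE = r'''<Input file_watch>
Module im_file
File "C:\\Program Files (x86)\\nxlog\data\\nxlog.log"
</Input>
<Output out>
Exec $raw_event = replace($raw_event, 'NXLOG@14506', 'TOKEN@41058 tag="windows"] [', 1);
#Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", $raw_event);
</Output>'''

if __name__ == "__main__":
    for line_no, seq in lint(SAMPLE):
        print(f"line {line_no}: invalid escape {seq!r} in double-quoted string")
```

The checker only reports sequences that are invalid: a path such as `"C:\Program Files\nxlog"` is flagged for `\P`, but `\n` is a valid escape and is accepted here even though it would put a newline into the path.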
