Last active
January 14, 2020 20:29
-
-
Save ltudury/5710497 to your computer and use it in GitHub Desktop.
NXLog configuration that can be used to send Windows events to Loggly.
Include your unique customer token where specified.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## This is a sample NXLog configuration file created by Loggly. June 2013 | |
## See the nxlog reference manual about the configuration options. | |
## It should be installed locally and is also available | |
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html | |
## Please set the ROOT to the folder your nxlog was installed into, | |
## otherwise it will not start. | |
#define ROOT C:\Program Files\nxlog | |
define ROOT C:\Program Files (x86)\nxlog | |
define CERTDIR %ROOT%\cert | |
# Include your Loggly Customer Token here | |
define CUSTOMER_TOKEN 1234-567-890123-4567890 | |
Moduledir %ROOT%\modules | |
CacheDir %ROOT%\data | |
Pidfile %ROOT%\data\nxlog.pid | |
SpoolDir %ROOT%\data | |
LogFile %ROOT%\data\nxlog.log | |
# Include fileop while debugging, also enable in the output module below | |
#<Extension fileop> | |
# Module xm_fileop | |
#</Extension> | |
<Extension json> | |
Module xm_json | |
</Extension> | |
<Extension syslog> | |
Module xm_syslog | |
</Extension> | |
<Input internal> | |
Module im_internal | |
Exec $Message = to_json(); | |
</Input> | |
# Watch any file you'd like | |
<Input file_watch> | |
Module im_file | |
File "C:\\Program Files (x86)\\nxlog\data\\nxlog.log" | |
SavePos TRUE | |
Exec $Message = to_json(); | |
</Input> | |
<Input eventlog> | |
# Uncomment im_msvistalog for Windows Vista/2008 and later | |
Module im_msvistalog | |
# Uncomment im_mseventlog for Windows XP/2000/2003 | |
# Module im_mseventlog | |
Exec $Message = to_json(); | |
</Input> | |
<Output out> | |
Module om_tcp | |
Host logs-01.loggly.com | |
Port 514 | |
# Be sure to replace <CUST_TOKEN> with your unique customer token | |
# Any tags specified will be accessible within Loggly. Space separated list. | |
Exec to_syslog_ietf();\ | |
$raw_event = replace($raw_event, 'NXLOG@14506', '%CUSTOMER_TOKEN%@41058 tag="windows" tag="example"] [', 1); | |
#Use the following line for debugging (uncomment the fileop extension above as well) | |
#Exec file_write("C:\\Program Files (x86)\\nxlog\data\\nxlog_output.log", $raw_event); | |
</Output> | |
<Route 1> | |
Path internal, file_watch, eventlog => out | |
</Route> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The escape sequence on line 28 is invalid - you need some more backslashes in there!