Created
January 12, 2014 03:40
-
-
Save vnisor/8380489 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## This is a sample NXLog configuration file created by Loggly. June 2013 | |
## See the nxlog reference manual about the configuration options. | |
## It should be installed locally and is also available | |
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html | |
## Please set the ROOT to the folder your nxlog was installed into, | |
## otherwise it will not start. | |
#define ROOT C:\Program Files\nxlog | |
define ROOT C:\Program Files (x86)\nxlog | |
define CERTDIR %ROOT%\cert | |
# Include your own Loggly Customer Token here | |
define CUSTOMER_TOKEN 2902a312-8d70-4e0f-bb48-64b3e54b6d8f | |
Moduledir %ROOT%\modules | |
CacheDir %ROOT%\data | |
Pidfile %ROOT%\data\nxlog.pid | |
SpoolDir %ROOT%\data | |
LogFile %ROOT%\data\nxlog.log | |
# Include fileop while debugging, also enable in the output module below | |
#<Extension fileop> | |
# Module xm_fileop | |
#</Extension> | |
# Create the parse rule for IIS logs. You can copy these from the header of the IIS log file. | |
<Extension w3c> | |
Module xm_csv | |
Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $sc-status, $sc-substatus, $sc-win32-status, $time-taken | |
FieldTypes string, string, string, string, string, string, integer, string, string, string, integer, integer, integer, integer | |
Delimiter ' ' | |
</Extension> | |
<Extension json> | |
Module xm_json | |
</Extension> | |
<Extension syslog> | |
Module xm_syslog | |
</Extension> | |
# Nxlog internal logs | |
<Input internal> | |
Module im_internal | |
Exec $Message = to_json(); | |
</Input> | |
# Watch your own files. | |
<Input file_watch> | |
Module im_file | |
File "C:\\Program Files (x86)\\nxlog\data\\nxlog.log" | |
SavePos TRUE | |
# Include JSON and raw formats | |
Exec $Message = to_json() + " " + $raw_event; | |
</Input> | |
# Convert the IIS logs to JSON and use the original event time | |
<Input IIS_Logs> | |
Module im_file | |
File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*" | |
SavePos TRUE | |
Exec if $raw_event =~ /^#/ drop(); \ | |
else \ | |
{ \ | |
w3c->parse_csv(); \ | |
$EventTime = parsedate($date + " " + $time); \ | |
$SourceName = "IIS"; \ | |
$Message = to_json(); \ | |
} | |
</Input> | |
# Windows Event Log | |
<Input eventlog> | |
# Uncomment im_msvistalog for Windows Vista/2008 and later | |
Module im_msvistalog | |
# Uncomment im_mseventlog for Windows XP/2000/2003 | |
# Module im_mseventlog | |
Exec $Message = to_json(); | |
</Input> | |
<Output out> | |
Module om_tcp | |
Host logs-01.loggly.com | |
Port 514 | |
# Be sure to replace <CUST_TOKEN> with your unique customer token | |
# Any tags specified will be accessible within Loggly. Space separated list. | |
Exec to_syslog_ietf(); $raw_event = replace($raw_event, 'NXLOG@14506', '%CUSTOMER_TOKEN%@41058 tag="windows"] [', 1); | |
#Use the following line for debugging (uncomment the fileop extension above as well) | |
#Exec file_write("C:\\Program Files (x86)\\nxlog\data\\nxlog_output.log", $raw_event); | |
</Output> | |
<Route 1> | |
Path internal, file_watch, eventlog, IIS_Logs => out | |
</Route> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment