Last active
December 21, 2015 20:58
-
-
Save jacoelho/6364580 to your computer and use it in GitHub Desktop.
Samples nxlog.conf for a Windows 2008R2 with IIS installed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Please set the ROOT to the folder your nxlog was installed into, | |
| ## otherwise it will not start. | |
| #define ROOT C:\Program Files\nxlog | |
| define ROOT C:\Program Files (x86)\nxlog | |
| Moduledir %ROOT%\modules | |
| CacheDir %ROOT%\data | |
| Pidfile %ROOT%\data\nxlog.pid | |
| SpoolDir %ROOT%\data | |
| LogFile %ROOT%\data\nxlog.log | |
| <Input eventlog> | |
| Module im_msvistalog | |
| Query <QueryList>\ | |
| <Query Id="0">\ | |
| <Select Path="Application">*</Select>\ | |
| <Select Path="System">*</Select>\ | |
| <Select Path="Security">*</Select>\ | |
| </Query>\ | |
| </QueryList> | |
| </Input> | |
| <Input iis> | |
| Module im_file | |
| File 'C:\\inetpub\\logs\\LogFiles\\W3SVC2\\u_ex*.log' | |
| ReadFromLast TRUE | |
| Exec if $raw_event =~ /^#/ drop(); \ | |
| $app = "apptag"; | |
| </Input> | |
| <Output out-tcp-514> | |
| Module om_tcp | |
| Host 10.166.144.124 | |
| Port 514 | |
| </Output> | |
| <Route 1> | |
| Path eventlog, iis => out-tcp-514 | |
| </Route> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment