leonsodhi · December 30, 2017 14:15
diff --git a/nxlog_config_template.conf b/nxlog_config_template.conf
 ## Please set the ROOT to your nxlog installation directory

 #define ROOT C:\Program Files\nxlog
 define ROOT C:\Program Files (x86)\nxlog

 Moduledir %ROOT%\modules
 CacheDir  %ROOT%\data
 Pidfile %ROOT%\data\nxlog.pid
 SpoolDir  %ROOT%\data
 LogFile %ROOT%\data\nxlog.log

 <Extension syslog>
  Module xm_syslog  
 </Extension>

 # Monitor application log files
 <Input watchfile>
  Module im_file
  File 'C:\\path\\to\\*.log'
  Exec $Message = $raw_event;
  Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1;
  SavePos TRUE  
  Recursive TRUE
 </Input>

 # Monitor a single application log file
 #<Input watchfile2>
 #  Module im_file
 #  # File 'C:\\path\\to\\a\\single\\file.log'
 #  Exec $Message = $raw_event;
 #  Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1;
 #  SavePos TRUE  
 #  Recursive TRUE
 #</Input>

 # Monitor Windows event logs
 <Input eventlog>
  # Uncomment for Windows Vista/2008 or later 
  Module im_msvistalog
  
  # Uncomment for Windows 2000 or later
  # Module im_mseventlog
 </Input>

 <Processor eventlog_transformer>
  Module pm_transformer
  Exec $Hostname = hostname();
  OutputFormat syslog_rfc5424  
 </Processor>

 <Processor filewatcher_transformer>
  Module pm_transformer
  
  # Uncomment to override the program name
  # Exec $SourceName = 'PROGRAM NAME';
    
  Exec $Hostname = hostname();
  OutputFormat syslog_rfc5424
 </Processor>

 <Output syslogout>
  Module om_udp
  Host <host>.papertrailapp.com
  Port YOUR_PORT  
 </Output>

 <Route 1>
  Path eventlog => eventlog_transformer => syslogout
 </Route>

 <Route 2>
  Path watchfile => filewatcher_transformer => syslogout
 </Route>

 # Replace route 2 with this implementation if watchfile2 is active
 #<Route 2>
 #  Path watchfile, watchfile2 => filewatcher_transformer => syslogout
 #</Route>
	## Please set the ROOT to your nxlog installation directory

	#define ROOT C:\Program Files\nxlog
	define ROOT C:\Program Files (x86)\nxlog

	Moduledir %ROOT%\modules
	CacheDir %ROOT%\data
	Pidfile %ROOT%\data\nxlog.pid
	SpoolDir %ROOT%\data
	LogFile %ROOT%\data\nxlog.log

	<Extension syslog>
	Module xm_syslog
	</Extension>

	# Monitor application log files
	<Input watchfile>
	Module im_file
	File 'C:\\path\\to\\*.log'
	Exec $Message = $raw_event;
	Exec if file_name() =~ /.\\(.)/ $SourceName = $1;
	SavePos TRUE
	Recursive TRUE
	</Input>

	# Monitor a single application log file
	#<Input watchfile2>
	# Module im_file
	# # File 'C:\\path\\to\\a\\single\\file.log'
	# Exec $Message = $raw_event;
	# Exec if file_name() =~ /.\\(.)/ $SourceName = $1;
	# SavePos TRUE
	# Recursive TRUE
	#</Input>

	# Monitor Windows event logs
	<Input eventlog>
	# Uncomment for Windows Vista/2008 or later
	Module im_msvistalog

	# Uncomment for Windows 2000 or later
	# Module im_mseventlog
	</Input>

	<Processor eventlog_transformer>
	Module pm_transformer
	Exec $Hostname = hostname();
	OutputFormat syslog_rfc5424
	</Processor>

	<Processor filewatcher_transformer>
	Module pm_transformer

	# Uncomment to override the program name
	# Exec $SourceName = 'PROGRAM NAME';

	Exec $Hostname = hostname();
	OutputFormat syslog_rfc5424
	</Processor>

	<Output syslogout>
	Module om_udp
	Host <host>.papertrailapp.com
	Port YOUR_PORT
	</Output>

	<Route 1>
	Path eventlog => eventlog_transformer => syslogout
	</Route>

	<Route 2>
	Path watchfile => filewatcher_transformer => syslogout
	</Route>

	# Replace route 2 with this implementation if watchfile2 is active
	#<Route 2>
	# Path watchfile, watchfile2 => filewatcher_transformer => syslogout
	#</Route>