stonith · December 15, 2015 23:39 · LVLAaron · Dec 24, 2013
diff --git a/nxlog.conf b/nxlog.conf
 ## This is a sample configuration file. See the nxlog reference manual about the
 ## configuration options. It should be installed locally and is also available
 ## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

 ## Please set the ROOT to the folder your nxlog was installed into,
 ## otherwise it will not start.

 #define ROOT C:\Program Files\nxlog
 define ROOT C:\Program Files (x86)\nxlog

 Moduledir %ROOT%\modules
 CacheDir %ROOT%\data
 Pidfile %ROOT%\data\nxlog.pid
 SpoolDir %ROOT%\data
 LogFile %ROOT%\data\nxlog.log

 <Input winevent>
    Module      im_msvistalog
  #Only process Eventlogs from Applications and System Event logs
 	Query <QueryList>\
 		<Query Id="0">\
 			<Select Path="Application">*</Select>\
 			<Select Path="System">*</Select>\
 		</Query>\
 	</QueryList>
  #Add an apptag to for tagging of events
 	Exec	$app = "apptag";
 </Input>

 <Input iis>
    Module	im_file
  #Read iis logs assuming logs are in this directory
    File	"d:\IIS-LOGS\W3SVC\u_ex*.log"
 	ReadFromLast TRUE
  #Drop comments and add an apptag to for tagging of events
 	Exec	if $raw_event =~ /^#/ drop(); \
            $app = "apptag";
 </Input>

 <Output out-5140>
  #Send to central nxlog listener on tcp port 5140, change host address
    Module      om_tcp
    Host        1.1.1.1
    Port        5140
 	OutputType	Binary
 </Output>

 <Output out-5141>
  #Send to central nxlog listener on tcp port 5141, change host address
    Module      om_tcp
    Host        1.1.1.1
    Port        5141
 	OutputType	Binary
 </Output>

 #Uncomment to test nxlog processing and add to route. Directory target must exist
 #<Output outfile>
 #    Module	om_file
 #    File	"d:\\temp\\nxlogtestout.log"
 #</Output>

 <Route 1>
  #Send winevents to central nxlog listener on tcp port 5140
    Path        winevent => out-5140
 </Route>

 <Route 2>
  #Send iislogs to central nxlog listener on tcp port 5141
    Path        iis => out-5141
 </Route>
	## This is a sample configuration file. See the nxlog reference manual about the
	## configuration options. It should be installed locally and is also available
	## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

	## Please set the ROOT to the folder your nxlog was installed into,
	## otherwise it will not start.

	#define ROOT C:\Program Files\nxlog
	define ROOT C:\Program Files (x86)\nxlog

	Moduledir %ROOT%\modules
	CacheDir %ROOT%\data
	Pidfile %ROOT%\data\nxlog.pid
	SpoolDir %ROOT%\data
	LogFile %ROOT%\data\nxlog.log

	<Input winevent>
	Module im_msvistalog
	#Only process Eventlogs from Applications and System Event logs
	Query <QueryList>\
	<Query Id="0">\
	<Select Path="Application">*</Select>\
	<Select Path="System">*</Select>\
	</Query>\
	</QueryList>
	#Add an apptag to for tagging of events
	Exec $app = "apptag";
	</Input>

	<Input iis>
	Module im_file
	#Read iis logs assuming logs are in this directory
	File "d:\IIS-LOGS\W3SVC\u_ex*.log"
	ReadFromLast TRUE
	#Drop comments and add an apptag to for tagging of events
	Exec if $raw_event =~ /^#/ drop(); \
	$app = "apptag";
	</Input>

	<Output out-5140>
	#Send to central nxlog listener on tcp port 5140, change host address
	Module om_tcp
	Host 1.1.1.1
	Port 5140
	OutputType Binary
	</Output>

	<Output out-5141>
	#Send to central nxlog listener on tcp port 5141, change host address
	Module om_tcp
	Host 1.1.1.1
	Port 5141
	OutputType Binary
	</Output>

	#Uncomment to test nxlog processing and add to route. Directory target must exist
	#<Output outfile>
	# Module om_file
	# File "d:\\temp\\nxlogtestout.log"
	#</Output>

	<Route 1>
	#Send winevents to central nxlog listener on tcp port 5140
	Path winevent => out-5140
	</Route>

	<Route 2>
	#Send iislogs to central nxlog listener on tcp port 5141
	Path iis => out-5141
	</Route>