
Untitled

a guest
Jun 17th, 2014
  ## Please set the ROOT to the folder your nxlog was installed into,
  ## otherwise it will not start.
  ## Two candidate install paths are listed; only the "Program Files (x86)"
  ## one is active, the plain "Program Files" one is commented out.
  #define ROOT C:\Program Files\nxlog
  define ROOT C:\Program Files (x86)\nxlog

  ## Every path below is built from %ROOT%.
  Moduledir %ROOT%\modules
  ## CacheDir, Pidfile, SpoolDir and LogFile all point into the same data folder.
  ## NOTE(review): that folder holds the agent's own log and, presumably, the
  ## read positions saved by "SavePos" - confirm that its ACLs let only the
  ## nxlog service account write there, otherwise a local user could alter
  ## what gets collected or hide agent errors.
  CacheDir %ROOT%\data
  Pidfile %ROOT%\data\nxlog.pid
  SpoolDir %ROOT%\data
  LogFile %ROOT%\data\nxlog.log
  ## xm_json provides the to_json() procedure called from the Exec lines of
  ## the "internal" and "eventlog" inputs.
  <Extension json>
      Module xm_json
  </Extension>

  ## xm_syslog provides the syslog formats; the transformer processor that
  ## follows asks for one of them.
  <Extension syslog>
      Module xm_syslog
  </Extension>

  ## Rewrites every event routed through it as BSD syslog (RFC 3164).
  ## In this file only the IIS route passes through this processor.
  ## NOTE(review): an RFC 3164 timestamp has no year and no time zone, so the
  ## collector has to supply both. Confirm the receiving side does that before
  ## relying on these events for incident timelines.
  <Processor transformer>
      Module pm_transformer
      OutputFormat syslog_rfc3164
  </Processor>

  # Nxlog internal logs
  # im_internal turns the agent's own log messages into events, so collection
  # errors on this host are shipped together with the collected data.
  <Input internal>
      Module im_internal
      # Divide $EventReceivedTime by 1,000,000 and then serialise the event with
      # to_json(). Presumably integer() of a datetime yields microseconds since
      # the epoch, which would make the result epoch seconds - confirm against
      # the nxlog version in use.
      Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
  </Input>
  # Windows Event Log
  <Input eventlog>
      # Uncomment im_msvistalog for Windows Vista/2008 and later
      # (this is the module currently active)
      Module im_msvistalog
      # Uncomment im_mseventlog for Windows XP/2000/2003
      # Module im_mseventlog

      # What the query below collects (no comments can go inside it, because
      # every line is joined to the next by the trailing backslash):
      #   * Security: every event, EXCEPT the IDs named in <Suppress>:
      #       4624 successful logon        4634 logoff
      #       4672 special privileges assigned to a new logon
      #       4688 process creation        4776 NTLM credential validation
      #   * System: 1074 (shutdown/restart requested), 6005-6009 (event log
      #     service start/stop, unexpected shutdown, boot information) and
      #     6013 (uptime).
      #   * Microsoft-Windows-TerminalServices-LocalSessionManager/Operational:
      #     every event (local and Remote Desktop session activity).
      #
      # NOTE(review): the suppressed IDs never leave this host. Any detection
      # or investigation that needs successful-logon history, privileged-logon
      # records or process-creation telemetry will find nothing from this
      # machine at the collector. 4776 is written for failed validations as
      # well as successful ones, so those failures are dropped too. Failed
      # logons (4625) are not in the list and are still forwarded. If the
      # suppression exists only to cut volume, consider narrowing it instead
      # of dropping the IDs outright - confirm with whoever owns detection.
      #
      # "&gt;=" and "&lt;=" are the XML-escaped forms of >= and <=.
      Query <QueryList>\
      <Query Id="0">\
      <Select Path="Security">*</Select>\
      <Suppress Path="Security">*[System[(EventID=4624 or EventID=4776 or EventID=4634 or EventID=4672 or EventID=4688)]]</Suppress>\
      <Select Path="System">*[System[(EventID=1074 or (EventID &gt;= 6005 and EventID &lt;= 6009) or EventID=6013)]]</Select>\
      <Select Path="Microsoft-Windows-TerminalServices-LocalSessionManager/Operational">*</Select>\
      </Query>\
      </QueryList>
      # Same post-processing as the "internal" input: divide $EventReceivedTime
      # by 1,000,000, then serialise the event with to_json().
      Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
  </Input>

  # IIS access logs, read from disk.
  # The path covers one site folder only (W3SVC2 - presumably IIS site ID 2);
  # logs of any other site on this server are not collected by this input.
  <Input IIS_In>
      Module im_file
      File "C:\inetpub\logs\LogFiles\W3SVC2\u_ex*"
      # Copy the raw line into $Message, presumably so that the syslog
      # transformer on the IIS route uses it as the message text.
      # Nothing here drops or parses lines, so the "#"-prefixed W3C header
      # lines are forwarded as events too, and request-controlled fields (URI,
      # query string, user agent) reach the collector verbatim - downstream
      # parsers and dashboards should treat them as untrusted input.
      Exec $Message = $raw_event;
      # Remember the read offset so a restart resumes instead of re-sending.
      SavePos TRUE
      # Also match the wildcard in subdirectories of the log folder.
      Recursive TRUE
  </Input>

  # Disabled: VMware vCenter vpxd logs. Left commented out by the author.
  # Enabling it also requires the commented-out vCenter_out output and Route 3.
  #<Input vCenter_vpxd>
  #Module im_file
  #File "C:\ProgramData\VMware\VMware VirtualCenter\Logs\vpxd-[0-5][0-9].log"
  #Exec $Message = to_json();
  #SavePos TRUE
  #Recursive TRUE
  #</Input>

  # Disabled: VMware vCenter vpxd alert logs.
  #<Input vCenter_vpxd_alert>
  #Module im_file
  #File "C:\ProgramData\VMware\VMware VirtualCenter\Logs\vpxd-alert-[0-5][0-9].log"
  #Exec $Message = to_json();
  #SavePos TRUE
  #Recursive TRUE
  #</Input>


  # Destination for the agent's internal log and the Windows Event Log events.
  # NOTE(review): om_tcp is a plain TCP connection - no encryption and no
  # authentication of either end. Security-log contents cross the network in
  # clear text, can be altered in transit, and the collector cannot tell a
  # genuine agent from anything else that connects to the port. nxlog ships
  # an om_ssl output module for TLS; consider it (with a matching TLS listener
  # on the collector) unless the path is otherwise protected.
  <Output eventlog_out>
      Module om_tcp
      Host 10.0.2.13
      Port 3515
  </Output>
  # Destination for the IIS log lines. The same cleartext caveat applies.
  # This output is addressed by name while eventlog_out uses an IP address;
  # whether both are the same machine cannot be told from this file. A
  # name-based destination follows whatever "logstash" resolves to, so the
  # integrity of name resolution on this host matters here.
  <Output IIS_Out>
      Module om_tcp
      Host logstash
      Port 3525
  </Output>

  # Disabled: destination for the commented-out vCenter inputs.
  #<Output vCenter_out>
  #Module om_tcp
  #Host logstash
  #Port 1515
  #</Output>

  # Route 1: agent-internal messages and Windows Event Log events go straight
  # to eventlog_out, with no processor in between.
  <Route 1>
      Path internal, eventlog => eventlog_out
  </Route>

  # Route 2: IIS log lines pass through the transformer processor and are then
  # sent to IIS_Out.
  <Route 2>
      Path IIS_In => transformer => IIS_Out
  </Route>

  # Disabled: route for the commented-out vCenter inputs and output.
  #<Route 3>
  #Path vCenter_vpxd, vCenter_vpxd_alert => vCenter_out
  #</Route>