Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ## Please set the ROOT to the folder your nxlog was installed into,
- ## otherwise it will not start.
- define ROOT C:\Program Files (x86)\nxlog
- define CERTDIR %ROOT%\cert
- define CONFDIR %ROOT%\conf
- define LOGDIR %ROOT%\data
- define LOGFILE %LOGDIR%\nxlog.log
- LogFile %LOGFILE%
- Moduledir %ROOT%\modules
- CacheDir %ROOT%\data
- Pidfile %ROOT%\data\nxlog.pid
- SpoolDir %ROOT%\data
- LogFile %ROOT%\data\nxlog.log
- <Extension _syslog>
- Module xm_syslog
- </Extension>
- <Extension _exec>
- Module xm_exec
- </Extension>
- <Extension _fileop>
- Module xm_fileop
- # Check the size of our log file hourly, rotate if larger than 5MB
- <Schedule>
- Every 1 hour
- Exec if (file_exists('%LOGFILE%') and \
- (file_size('%LOGFILE%') >= 5M)) \
- file_cycle('%LOGFILE%', 8);
- </Schedule>
- # Rotate our log file every week on Sunday at midnight
- <Schedule>
- When @weekly
- Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
- </Schedule>
- </Extension>
- <Extension _json>
- Module xm_json
- </Extension>
- <Input internal>
- Module im_internal
- Exec $Message = to_json();
- </Input>
- # Windows Event Log
- <Input eventlog>
- # Uncomment im_msvistalog for Windows Vista/2008 and later
- Module im_msvistalog
- #Uncomment im_mseventlog for Windows XP/2000/2003
- #Module im_mseventlog
- # JSON is required because some Windows logs contain new-line characters.
- Exec $Message = to_json();
- </Input>
- <Processor buffer>
- Module pm_buffer
- # 100Mb disk buffer
- MaxSize 102400
- Type disk
- </Processor>
- <Output out>
- Module om_tcp
- Host {sensor_address}
- Port 514
- Exec to_syslog_bsd();
- #Use the following line for debugging
- #Exec file_write("C:\Program Files (x86)\nxlog\data\nxlog_output.log", $raw_event);
- </Output>
- <Route 1>
- Path internal, eventlog => buffer => out
- </Route>
Add Comment
Please, Sign In to add comment
