Configure Nxlog on IIS server
...
C:\Program Files (x86)\nxlog\conf\nxlog.conf
4.Replace the entire configuration file by pasting the following Below – Note to replace the variable ({IP address of Seceon Server}) with the actual Seceon Server IP address:
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension syslog>
Module xm_syslog
</Extension>
<Input in_iis>
Module im_file
File "C:\\inetpub\\logs\\LogFiles\\W3SVC*W3SVC3\\u_ex*"
SavePos TRUE
ReadFromLast TRUE
Exec if $raw_event =~ /^#/ drop();
Exec $Message = $raw_event;
</Input>
<Output out_iis>
Module om_udp
Host CCE_IP_ADDRESS
Port 514
Exec $SyslogFacilityValue = 2;
Exec $SourceName = 'windows_iis_logs';
Exec to_syslog_bsd();
</Output>
...