...

...

...

...

...

Configure Nxlog on IIS server

...

  1. Download the latest version of nxlog. It is easiest to choose the Windows msi file which includes an installer.

...

        C:\Program Files (x86)\nxlog\conf\nxlog.conf

4. Replace the entire configuration file with the configuration below. Be sure to replace the placeholder ({IP address of Seceon Server}, which appears on the Host line as <CCE_IP address of Seceon Server>) with the actual Seceon Server IP address:

        define ROOT C:\Program Files (x86)\nxlog

        Moduledir %ROOT%\modules
        CacheDir %ROOT%\data
        Pidfile %ROOT%\data\nxlog.pid
        SpoolDir %ROOT%\data
        LogFile %ROOT%\data\nxlog.log

        # Provides to_syslog_bsd()
        <Extension syslog>
            Module xm_syslog
        </Extension>

        # Tail the IIS W3C log files; '#' header lines (such as #Fields) are dropped
        <Input in_iis>
            Module im_file
            File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*"
            SavePos TRUE
            ReadFromLast TRUE
            Exec if $raw_event =~ /^#/ drop();
            Exec $Message = $raw_event;
        </Input>

        # Forward each line as BSD syslog over UDP port 514 to the Seceon Server
        <Output out_iis>
            Module om_udp
            Host <CCE_IP address of Seceon Server>
            Port 514
            Exec $SyslogFacilityValue = 2;
            Exec $SourceName = 'windows_iis_logs';
            Exec to_syslog_bsd();
        </Output>

        <Route in-to-out>
            Path in_iis => out_iis
        </Route>

5. Restart the nxlog service.
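To check on the receiving side that a datagram really carries what out_iis is configured to send (facility 2, tag windows_iis_logs), the following Python example parses one BSD syslog payload and maps the IIS line to named fields. It is an added example, not part of the original page and not nxlog or Seceon code; the function name parse_datagram, the IIS default W3C field order, the severity in the sample and the sample datagram itself are assumptions.

```python
import re

# RFC 3164 (BSD syslog) layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s\[:]+)(?:\[\d+\])?: ?(?P<msg>.*)$"
)

# Assumption: IIS default W3C field order. The nxlog config drops '#' lines,
# so the '#Fields:' header never reaches the collector and the order must be
# known on the receiving side. Adjust to match the IIS Logging settings.
IIS_FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
              "cs-username c-ip cs(User-Agent) cs(Referer) sc-status "
              "sc-substatus sc-win32-status time-taken").split()

EXPECTED_FACILITY = 2                 # $SyslogFacilityValue in out_iis
EXPECTED_TAG = "windows_iis_logs"     # $SourceName in out_iis


def parse_datagram(data: bytes) -> dict:
    """Decode one UDP payload and return the IIS record it carries.

    Raises ValueError when the datagram does not match what out_iis sends,
    so stray traffic on port 514 is not mistaken for IIS logs.
    """
    text = data.decode("utf-8", errors="replace").rstrip("\r\n")
    m = BSD_RE.match(text)
    if not m:
        raise ValueError("not a BSD syslog message")
    pri = int(m["pri"])
    facility, severity = pri >> 3, pri & 7   # PRI = facility * 8 + severity
    if facility != EXPECTED_FACILITY or m["tag"] != EXPECTED_TAG:
        raise ValueError(f"unexpected facility/tag: {facility}/{m['tag']}")
    values = m["msg"].split(" ")
    if len(values) != len(IIS_FIELDS):
        raise ValueError(f"expected {len(IIS_FIELDS)} IIS fields, got {len(values)}")
    record = dict(zip(IIS_FIELDS, values))
    record.update(host=m["host"], facility=facility, severity=severity)
    return record


# Constructed sample datagram (documentation addresses; severity 5 is assumed).
SAMPLE = (b"<21>Mar  4 10:15:02 IISWEB01 windows_iis_logs: 2024-03-04 10:15:02 "
          b"192.0.2.10 GET /login.aspx - 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 31")

if __name__ == "__main__":
    print(parse_datagram(SAMPLE))
```

A field-count mismatch usually means the fields selected in IIS Logging differ from IIS_FIELDS, which cannot be detected from the stream itself because the header lines are dropped before forwarding.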


Enable Logging on IIS server

  • Log into the IIS server.
  • Go to the IIS manager.
  • Get into "Logging" and set the parameters as shown in the image below:

[Image: Configure IIS Logs format]


Source: https://stackify.com/how-to-interpret-iis-logs/