Configure Nxlog on IIS server
- Download the latest version of nxlog. It is easiest to choose the Windows msi file which includes an installer.
http://nxlog.org/products/nxlog-community-edition/download
3.Open the Nxlog configuration file at:
C:\Program Files (x86)\nxlog\conf\nxlog.conf
4.Replace the entire configuration file by pasting the following Below – Note to replace the variable ({IP address of Seceon Server}) with the actual Seceon Server IP address:
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension syslog>
Module xm_syslog
</Extension>
<Input in_iis>
Module im_file
File "C:\\inetpub\\logs\\LogFiles\\W3SVC*\\u_ex*"
SavePos TRUE
ReadFromLast TRUE
Exec if $raw_event =~ /^#/ drop();
Exec $Message = $raw_event;
</Input>
<Output out_iis>
Module om_udp
Host CCE_IP_ADDRESS
Port 514
Exec $SyslogFacilityValue = 2;
Exec $SourceName = 'windows_iis_logs';
Exec to_syslog_bsd();
</Output>
<Route in-to-out>
Path in_iis => out_iis
</Route>
5.Restart nxlog services.
Enable Logging on IIS server
- Log into the IIS server.
- Go to the IIS manager.
- Get into "Logging" and set the parameters as shown in the image below: