nxlog-ce-2.10.2150
- NXLog Manager
- NXLog Community Edition: Send data to most popular solutions. Need to ship data to ELK, Graylog, Loggly or some other SIEM? We got you covered!
- NXLog Enterprise Edition
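The edition installed here is NXLog Community Edition. After installation, the configuration file needs to be edited.
The configuration file is C:\Program Files (x86)\nxlog\conf\nxlog.conf, with the following contents.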
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _syslog>
Module xm_syslog
</Extension>
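<Input iislog>
# Give the Input block a custom name, iislog; the block defines one input source.
# Module: set to im_file
Module im_file
# File: the location where the IIS log files are stored
File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*"
# SavePos: set to TRUE so the last read position in the file is remembered
SavePos TRUE
</Input>
<Output logstash>
# Give the Output block a custom name, logstash; the block defines one output destination.
# Module: set to om_tcp
Module om_tcp
# Host: set to the name or address of the Logstash or Graylog server
Host IP or hostname
# Port: set to the port the Logstash server is listening on
Port 12201
</Output>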
<Route 1>
Path iislog => logstash
</Route>
<Route>: tells NXLog which Input maps to which Output. Multiple Inputs and Outputs can be listed, separated by commas, for example:
# Many-to-many
<Route 1>
Path iislog1,iislog2,… => logstash1,logstash2,…
</Route>
However, if iislog1 should be sent only to logstash1 while iislog2 is sent to both logstash1 and logstash2, a second Route has to be defined to specify that separately, like this:
# One-to-one
<Route 1>
Path iislog1 => logstash1
</Route>
# One-to-many
<Route 2>
Path iislog2 => logstash1,logstash2
</Route>
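The routing rules above can be checked before restarting the service. The following is an added example, not part of the original post or of NXLog itself: a small Python script that reads the Input, Output and Route blocks of an nxlog.conf and reports which outputs each input reaches, names used in a Path that no block defines, and inputs that no Route references. The function name resolve_routes and the sample config (including the extra iislog3 input) are constructed for illustration.

```python
import re

# Constructed sample config mirroring the two-route layout above, plus one
# input (iislog3) that no Route references.
SAMPLE_CONF = r"""
<Input iislog1>
    Module im_file
    File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*"
</Input>
<Input iislog2>
    Module im_file
</Input>
<Input iislog3>
    Module im_file
</Input>
<Output logstash1>
    Module om_tcp
</Output>
<Output logstash2>
    Module om_tcp
</Output>
<Route 1>
    Path iislog1 => logstash1
</Route>
<Route 2>
    Path iislog2 => logstash1,logstash2
</Route>
"""

BLOCK = re.compile(r"^\s*<(Input|Output)\s+(\w+)>", re.I | re.M)
PATH = re.compile(r"^\s*Path\s+(.+)$", re.I | re.M)

def resolve_routes(conf):
    """Return (input -> outputs, names used but not defined, unrouted inputs)."""
    defined = {"input": set(), "output": set()}
    for kind, name in BLOCK.findall(conf):
        defined[kind.lower()].add(name)
    mapping, undefined = {}, set()
    for path in PATH.findall(conf):
        hops = path.split("=>")  # first hop = inputs, last hop = outputs
        srcs = {s.strip() for s in hops[0].split(",")}
        dsts = {d.strip() for d in hops[-1].split(",")}
        undefined |= (srcs - defined["input"]) | (dsts - defined["output"])
        for s in srcs:
            mapping.setdefault(s, set()).update(dsts)
    unrouted = defined["input"] - set(mapping)
    return ({k: sorted(v) for k, v in mapping.items()},
            sorted(undefined), sorted(unrouted))
```

An input that appears in the third result is one whose log files would be read by no route, which shows up later as a gap in what the Logstash or Graylog side receives.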
Configuration file:
C:\Program Files (x86)\nxlog\conf\nxlog.conf
Log file:
C:\Program Files (x86)\nxlog\data\nxlog.log
Reference: [料理佳餚] ELK 搭檔 NXLog 收集 IIS Log ("ELK paired with NXLog to collect IIS logs")