...
```
## This is a sample configuration file. See the NXLog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/

## Please set the ROOT to the folder your NXLog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension json>
    Module xm_json
</Extension>

## DateFormat accepts only the format names listed in the NXLog reference manual;
## verify this value against that list before deploying.
DateFormat YYYY-MM-DD hhDDThh:mm:ss.sUTC
GenerateDateInUTC TRUE

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input in>
    Module im_msvistalog
    ReadFromLast True
    Query <QueryList>\
              <Query Id="0">\
                  <Select Path="Application">*</Select>\
                  <Select Path="System">*</Select>\
                  <Select Path="Security">*</Select>\
                  <Select Path="Windows PowerShell">*</Select>\
              </Query>\
          </QueryList>
    Exec $UnixTime = integer($EventTime)/1000;
</Input>

## om_tcp sends events to the relay over plain TCP, without encryption.
<Output devo_relay>
    Module om_tcp
    Host RELAY_IP_ADDRESS
    Port 13000
    Exec $Message = to_json(); $SourceName="box.win_nxlog."+lc($Channel); delete($ProcessID); to_syslog_bsd();
</Output>

<Output ssl_devo>
    Module om_ssl
    Host XX.elb.relay.logtrust.net
    Port 443
    CAFile C:\Program Files (x86)\nxlog\cert\CHAIN.crt
    CertFile C:\Program Files (x86)\nxlog\cert\DOMAIN.crt
    CertKeyFile C:\Program Files (x86)\nxlog\cert\DOMAIN.key
    ## KeyPass holds the private-key passphrase in clear text; replace the
    ## placeholder and restrict read access to this file.
    KeyPass secret
    ## AllowUntrusted TRUE accepts the remote certificate without verifying it
    ## against CAFile; set it to FALSE to enforce verification.
    AllowUntrusted TRUE
    Exec $Message = to_json(); $SourceName="box.win_nxlog."+lc($Channel); delete($ProcessID); to_syslog_bsd();
</Output>

<Output file>
    Module om_file
    File 'C:\nxlog_events.log'
    Exec $Message = to_json(); $SourceName="box.win_nxlog."+lc($Channel); delete($ProcessID); to_syslog_bsd();
</Output>

## Only devo_relay is routed; ssl_devo and file are defined but receive no events.
<Route 1>
    Path in => devo_relay
</Route>
```
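
An added example, not part of the original page or of NXLog: a short Python check that reads the `<Output>` and `<Route>` blocks of a configuration like the one above and reports which outputs send without TLS, skip certificate verification, or keep a key passphrase in the file, and whether each one is actually routed. The function names and the trimmed sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the outputs and route from the configuration above, trimmed.
SAMPLE_CONF = r"""
<Output devo_relay>
    Module  om_tcp
</Output>
<Output ssl_devo>
    Module          om_ssl
    KeyPass         secret
    AllowUntrusted  TRUE
</Output>
<Route 1>
    Path    in => devo_relay
</Route>
"""

BLOCK_RE = re.compile(r"<(Output|Route)\s+(\S+)>(.*?)</\1>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^[ \t]*(\w+)[ \t]+(.*?)[ \t]*$", re.M)

def parse_blocks(conf):
    """Return ({output name: {directive: value}}, instance names used in Route paths)."""
    outputs, routed = {}, set()
    for kind, name, body in BLOCK_RE.findall(conf):
        # Comment lines start with '#', so they never match DIRECTIVE_RE.
        directives = {k.lower(): v for k, v in DIRECTIVE_RE.findall(body)}
        if kind.lower() == "output":
            outputs[name] = directives
        elif "path" in directives:
            routed.update(re.split(r"\s*(?:=>|,)\s*", directives["path"]))
    return outputs, routed

def audit(conf):
    """List transport-security findings for every Output block."""
    outputs, routed = parse_blocks(conf)
    findings = []
    for name, d in outputs.items():
        state = "routed" if name in routed else "not routed"
        module = d.get("module", "").lower()
        if module == "om_tcp":
            findings.append(f"{name} ({state}): om_tcp sends events without TLS")
        if module == "om_ssl" and d.get("allowuntrusted", "FALSE").upper() == "TRUE":
            findings.append(f"{name} ({state}): AllowUntrusted TRUE skips certificate verification")
        if "keypass" in d:
            findings.append(f"{name} ({state}): KeyPass keeps the key passphrase in the config file")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

A finding marked "routed" affects events in flight today; one marked "not routed" only takes effect once that output is added to a `Route` path.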
...