# Pulls and parses logfiles generated by SCCM
# Ensure that "ITS_Logs" is specified in the correct Route at the bottom for output
Exec $Message = convert($Message, "ucs-2le", "utf-8");
Exec if $Message =~ s/^\s+//g log_debug("whitespace removed");
Exec if file_name() =~ /(+)$/ $LogFile = $1;
Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000;
# It is recommended to LEAVE THIS ENABLED
# Pulls all logfiles from the default ITS Log Location
# removes extra whitespace, grabs the file name as LogFile, adds the FQDN, and deletes a useless var
# After setting the Message as raw_event this converts the message to UTF-8, drops empty messages
# Can be separated for filtering different logs.
# is pulling, then add that name to the path in Route 1 after eventlog. After Input, name it whatever you want to describe that NXLog
# Input to watch a file of your choosing.
# NXLog internal logs - Recommended to keep this turned ON so errors/issues with NXLog are reported.
Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
# You can copy these from the header of the IIS log file.
Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $sc-status, $sc-substatus, $sc-win32-status, $time-taken
FieldTypes string, string, string, string, string, string, string, string, string, string, string, string, string, string
AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2, ucs-2le
# Please set the ROOT to the folder your nxlog was installed into,