Configuration
Before you begin, you’ll need:
- NXLog
- Admin access
Configure NXLog
Copy this code into your configuration file (C:\Program Files (x86)\nxlog\conf\nxlog.conf by default).
Replace <<LOG-SHIPPING-TOKEN>> with the token of the account you want to ship to.
Replace <<LISTENER-HOST>> with your region’s listener host (for example, listener.logz.io). For more information on finding your account’s region, see Account region.
define ROOT C:\\Program Files (x86)\\nxlog
define ROOT_STRING C:\\Program Files (x86)\\nxlog
define CERTDIR %ROOT%\\cert
Moduledir %ROOT%\\modules
CacheDir %ROOT%\\data
Pidfile %ROOT%\\data\\nxlog.pid
SpoolDir %ROOT%\\data
LogFile %ROOT%\\data\\nxlog.log
<Extension charconv>
Module xm_charconv
AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2
</Extension>
#create one for each application
<Input IIS_Site1>
Module im_file
File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*.log"
SavePos TRUE
Exec if $raw_event =~ /^#/ drop();
Exec convert_fields("AUTO", "utf-8");
Exec $raw_event = '[<<LOG-SHIPPING-TOKEN>>][type=iis]' + $raw_event;
</Input>
<Output out>
Module om_tcp
Host <<LISTENER-HOST>>
Port 8010
</Output>
<Route IIS>
Path IIS_Site1 => out
</Route>
Restart NXLog
PS C:\Program Files (x86)\nxlog> Restart-Service nxlog
Check Logz.io for your logs
Confirm you’re shipping logs by opening an IIS-hosted webpage in your browser. Give your logs some time to get from your system to ours, and then open Kibana.
If you still don’t see your logs, see log shipping troubleshooting.