Ship IIS logs

Setup

You’ll need: NXLog, admin access

Guided configuration

1. Configure NXLog

   Copy this code into your configuration file (C:\Program Files (x86)\nxlog\conf\nxlog.conf by default).

   Replace <<SHIPPING-TOKEN>> with the token of the account you want to ship to.
   
   Replace <<LISTENER-HOST>> with your region’s listener host (for example, listener.logz.io). For more information on finding your account’s region, see Account region.

   define ROOT C:\\Program Files (x86)\\nxlog
   define ROOT_STRING C:\\Program Files (x86)\\nxlog
   define CERTDIR %ROOT%\\cert
   Moduledir %ROOT%\\modules
   CacheDir %ROOT%\\data
   Pidfile %ROOT%\\data\\nxlog.pid
   SpoolDir %ROOT%\\data
   LogFile %ROOT%\\data\\nxlog.log
   <Extension charconv>
       Module xm_charconv
       AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2
   </Extension>
   
   #create one for each application
   <Input IIS_Site1>
       Module im_file
       File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*.log"
       SavePos TRUE
       Exec if $raw_event =~ /^#/ drop();
       Exec convert_fields("AUTO", "utf-8");
       Exec $raw_event = '[<<SHIPPING-TOKEN>>][type=iis]' + $raw_event;
   </Input>
   <Output out>
       Module  om_tcp
       Host    <<LISTENER-HOST>>
       Port    8010
   </Output>
   
   <Route IIS>
       Path IIS_Site1 => out
   </Route>
   

2. Restart NXLog

   PS C:\Program Files (x86)\nxlog> Restart-Service nxlog
   

3. Check Logz.io for your logs

   Confirm you’re shipping logs by opening an IIS-hosted webpage in your browser. Give your logs a few minutes to get from your system to ours, and then open Kibana.

   If you still don’t see your logs, see log shipping troubleshooting.