You’ll need: NXLog, admin access

Guided configuration
  1. Configure NXLog

    Copy this code into your configuration file (C:\Program Files (x86)\nxlog\conf\nxlog.conf by default).

    Replace <<SHIPPING-TOKEN>> with the token of the account you want to ship to.

    Replace <<LISTENER-HOST>> with your region’s listener host (for example, For more information on finding your account’s region, see Account region.

    define ROOT C:\\Program Files (x86)\\nxlog
    define ROOT_STRING C:\\Program Files (x86)\\nxlog
    define CERTDIR %ROOT%\\cert
    Moduledir %ROOT%\\modules
    CacheDir %ROOT%\\data
    Pidfile %ROOT%\\data\\
    SpoolDir %ROOT%\\data
    LogFile %ROOT%\\data\\nxlog.log
    <Extension charconv>
        Module xm_charconv
        AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2
    #create one for each application
    <Input IIS_Site1>
        Module im_file
        File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*.log"
        SavePos TRUE
        Exec if $raw_event =~ /^#/ drop();
        Exec convert_fields("AUTO", "utf-8");
        Exec $raw_event = '[<<SHIPPING-TOKEN>>][type=iis]' + $raw_event;
    <Output out>
        Module  om_tcp
        Host    <<LISTENER-HOST>>
        Port    8010
    <Route IIS>
        Path IIS_Site1 => out
  2. Restart NXLog

    PS C:\Program Files (x86)\nxlog> Restart-Service nxlog
  3. Check for your logs

    Confirm you’re shipping logs by opening an IIS-hosted webpage in your browser. Give your logs a few minutes to get from your system to ours, and then open Kibana.

    If you still don’t see your logs, see log shipping troubleshooting.