You’ll need: NXLog, admin access

Guided configuration
  1. Configure NXLog

    Copy this code into your configuration file (C:\Program Files (x86)\nxlog\conf\nxlog.conf by default).

    Replace <ACCOUNT-TOKEN> with the token of the account you want to ship to.

    Replace <LISTENER-URL> with your region’s listener URL. For more information on finding your account’s region, see Account region.

     define ROOT C:\\Program Files (x86)\\nxlog
     define ROOT_STRING C:\\Program Files (x86)\\nxlog
     define CERTDIR %ROOT%\\cert
     Moduledir %ROOT%\\modules
     CacheDir %ROOT%\\data
     Pidfile %ROOT%\\data\\
     SpoolDir %ROOT%\\data
     LogFile %ROOT%\\data\\nxlog.log
     <Extension charconv>
         Module xm_charconv
         AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2
     #create one for each application
     <Input IIS_Site1>
         Module im_file
         File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*.log"
         SavePos TRUE
         Exec if $raw_event =~ /^#/ drop();
         Exec convert_fields("AUTO", "utf-8");
         Exec $raw_event = '[<ACCOUNT-TOKEN>][type=iis]' + $raw_event;
     <Output out>
         Module  om_tcp
         Host    <LISTENER-URL>
         Port    8010
     <Route IIS>
         Path IIS_Site1 => out
  2. Restart NXLog

     PS C:\Program Files (x86)\nxlog> Restart-Service nxlog
  3. Check for your logs

    Confirm you’re shipping logs by opening an IIS-hosted webpage in your browser. Give your logs a few minutes to get from your system to ours, and then open Kibana.

    If you still don’t see your logs, see log shipping troubleshooting.