Exchange Login Tracking

I’ve deployed NxLog to my Exchange Servers and am able to get Graylog (via GELF UDP input) to ‘see’ the data from the server; however, there are two things I cannot get working right.

  1. Only one of my IIS logs seems to be coming through (W3SVC1, not W3SVC2), despite being in the same directory/permissions.

  2. Formatting / parsing is way, way off. I can’t find any marketplace items or other users who have parsed this before, which seems odd given how prevalent Graylog seems to be - has anyone run into this?

Any insight would be valued.

