I’ve deployed NxLog to my Exchange Servers and am able to get Graylog (via GELF UDP input) to ‘see’ the data from the server, however two things I cannot get working right.
-
Only one of my IIS logs seems to be coming through (W3SVC1, not W3SVC2) despite being in the same directory/permissions
-
Formatting / parsing is way, way off. I can’t find any marketplace items or other users who have parsed this before, which seems odd given how prevalent Graylog seems to be - has anyone run into this?
Any insight would be valued.