Hi guys,
I used graylog version 3.1
web server IIS with NXLog configure file
And everything works fine
But the output filed status code(sc_status) and Time Taken (time_taken) not ok
please guide me
In fact, the status code (200, 400, 500)of the successful and unsuccessful has request is very important to me
#######################################################################
#######################################################################
Module xm_gelf Module xm_json#######################################################################
#######################################################################
Module xm_csv Fields $date, $time, $s_ip, $cs_method, $cs_uri_stem, $cs_uri_query, $s_port, $cs_username, $c_ip, $cs_User_Agent, $cs_Referer, $sc_status, $sc_substatus, $sc_win32_status, $time_taken FieldTypes string, string, string, string, string, string, string, string, string, string, string, string, string, string, string Delimiter ' ' QuoteChar '"' EscapeControl FALSE UndefValue - Module im_file File "C:\inetpub\logs\LogFiles\W3SVC1\u_ex*" SavePos TRUE
Exec if $raw_event =~/^#/ drop();\
else\
{\
w3c->parse_csv();\
$EventTime = parsedate($date + " " + $time);\
$EventTime = parsedate($date + " " + $time + "Z");\
$SourceName = "IIS";\
$raw_event = to_json();\
}
Exec $Hostname = hostname_fqdn();
Exec $raw_event =$Hostname + ' IIS-NXLOG ' + $raw_event;
#Use the following line for debugging (uncomment the fileop extension above as well)
#Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", $raw_event);
#######################################################################
#######################################################################
Why don’t you use the xm_w3c modul in nxlog?
https://nxlog.co/documentation/nxlog-user-guide/xm_w3c.html
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.