Hi,

I believe this is the same question posted here:
https://nxlog.co/question/2070/problems-iis-logs-and-snare-format

The answer is pretty much the same as what Marvin wrote.

Regards,
Botond

On Fri, 21 Oct 2016 17:59:41 +0000
Marvin Nipper <marvin.nip...@westernunion.com> wrote:

> Hi. Botond will jump in if I lead you astray, but the to_syslog_snare
> function is really about Windows Event transformations (to emulate the
> specific SNARE _Windows OS_ agent output), and not intended to handle other
> event types.
>
> I’ve never used the SNARE Epilog agent (intended for “flat file” content),
> but had the impression that it pretty much collected, and forwarded, the data
> in the same format as is found in the log files, be they IIS, or any other
> type of flat file. So, if you are looking to have that data transformed, I
> think that you would need to do that with more complex nxlog logic. You can
> certainly do a lot of different things within the CE agent (if that is what
> you are using), but if you are looking to do something super-sophisticated,
> like transforming the content into Key-value Pairs, then that can also be
> done, but only in the Enterprise Edition version of the agent.
>
> Also, purely as an aside (and knowing nothing about the nature of your web
> server environment, or what you are “feeding” these logs to), I would highly
> recommend NOT forwarding IIS logs via UDP, because unless you do something
> special, you are probably going to end up with truncated logs, and in a
> forensics situation, some of the things you might be interested in seeing,
> will simply be gone.
>
> All, FWIW. (And, FYI, I’m just another nxlog user…)
>
> From: Eneko Astorquiza San Nicolás [mailto:eneko.astork...@gmail.com]
> Sent: Friday, October 21, 2016 1:21 AM
> To: nxlog-ce-users@lists.sourceforge.net
> Subject: [nxlog-ce-users] problem with iis logs and snare format
>
> Hi everyone,
>
> Is snare format supported for IIS Logs ??
>
> I have configured the output as...
>
> <Output IIS_Out2>
>     Module om_udp
>     Host 10.200.45.110
>     Exec to_syslog_snare();
>     Port 514
> </Output>
>
> and it sends logs like ...
>
> <13>Oct 21 06:26:36 SRV-00-20-21 MSWinEventLog 1 N/A 17 Fri Oct 21 06:26:36 2016 N/A N/A N/A N/A N/A N/A N/A N/A N/A
>
> Regards
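
One way to act on the two points raised in this thread, as an added example that is not part of the original messages and not the NXLog project's own configuration: forward each IIS line unchanged inside a BSD syslog message over TCP, instead of calling to_syslog_snare() over UDP. The log file path, the instance names other than IIS_Out2, and a receiver that accepts syslog on TCP port 514 are assumptions.

```conf
# Added example. Assumptions: default IIS log directory for site 1,
# and a collector at 10.200.45.110 listening on TCP 514.

<Extension syslog>
    # Provides to_syslog_bsd()
    Module  xm_syslog
</Extension>

<Input IIS_In>
    Module  im_file
    # Assumed path; adjust to the site's log directory
    File    "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*.log"
    SavePos TRUE
    # Drop the W3C header lines (#Software, #Version, #Date, #Fields)
    Exec    if $raw_event =~ /^#/ drop();
</Input>

<Output IIS_Out2>
    # TCP rather than UDP, so a long request line is not cut at the
    # datagram boundary
    Module  om_tcp
    Host    10.200.45.110
    Port    514
    # Wrap the untouched IIS line in a BSD syslog header. The original
    # IIS date and time fields stay inside the message text.
    Exec    $Message = $raw_event; to_syslog_bsd();
</Output>

<Route iis>
    Path    IIS_In => IIS_Out2
</Route>
```

The receiver sees a standard syslog header followed by the space-separated W3C fields exactly as IIS wrote them, so field extraction happens on the collector side.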