I'll add that the snare format puts concise important information after verbose
not-so-important information, so when it truncates things you lose stuff you
want.
You are far better off forwarding the logs as JSON via TCP.

David Lang

On Mon, 24 Oct 2016, Botond Botyanszki wrote:
Hi,
I believe this is the same question posted here:
https://nxlog.co/question/2070/problems-iis-logs-and-snare-format
The answer is pretty much the same as what Marvin wrote.
Regards,
Botond
On Fri, 21 Oct 2016 17:59:41 +0000
Marvin Nipper <marvin.nip...@westernunion.com> wrote:
Hi. Botond will jump in if I lead you astray, but the to_syslog_snare function
is really about Windows Event transformations (to emulate the specific SNARE
_Windows OS_ agent output), and not intended to handle other event types.
I’ve never used the SNARE Epilog agent (intended for “flat file” content), but
had the impression that it pretty much collected, and forwarded, the data in
the same format as is found in the log files, be they IIS, or any other type of
flat file. So, if you are looking to have that data transformed, I think that
you would need to do that with more complex nxlog logic. You can certainly do
a lot of different things within the CE agent (if that is what you are using),
but if you are looking to do something super-sophisticated, like transforming
the content into Key-value Pairs, then that can also be done, but only in the
Enterprise Edition version of the agent.
Also, purely as an aside (and knowing nothing about the nature of your web
server environment, or what you are “feeding” these logs to), I would highly
recommend NOT forwarding IIS logs via UDP, because unless you do something
special, you are probably going to end up with truncated logs, and in a
forensics situation, some of the things you might be interested in seeing, will
simply be gone.
All, FWIW. (And, FYI, I’m just another nxlog user…)
From: Eneko Astorquiza San Nicolás [mailto:eneko.astork...@gmail.com]
Sent: Friday, October 21, 2016 1:21 AM
To: nxlog-ce-users@lists.sourceforge.net
Subject: [nxlog-ce-users] problem with iis logs and snare format
Hi everyone,
Is snare format supported for IIS logs?
I have configured the output as...
<Output IIS_Out2>
Module om_udp
Host 10.200.45.110
Exec to_syslog_snare();
Port 514
</Output>
and it sends logs like ...
<13>Oct 21 06:26:36 SRV-00-20-21 MSWinEventLog 1 N/A 17 Fri Oct 21
06:26:36 2016 N/A N/A N/A N/A N/A N/A N/A N/A N/A
Regards
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
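
An added example, not part of any message in this thread: one way to do what the replies recommend, parsing the IIS W3C files into named fields and forwarding each record as JSON over TCP instead of running to_syslog_snare() over UDP. The instance names, the log path, the field list and the TCP port are assumptions; only the destination host is taken from the original question.

```conf
# Added example (not from the thread). Uses only modules available in nxlog CE.
# Assumed: instance names, log path, field order, and a collector that accepts
# newline-delimited JSON on the TCP port below.
<Extension json>
    Module          xm_json
</Extension>

# The field list must match, in order, the "#Fields:" header line at the top
# of your IIS log files. Adjust it if your site logs a different set.
<Extension w3c>
    Module          xm_csv
    Fields          $date, $time, $s_ip, $cs_method, $cs_uri_stem, $cs_uri_query, $s_port, $cs_username, $c_ip, $cs_user_agent, $sc_status, $sc_substatus, $sc_win32_status, $time_taken
    Delimiter       ' '
    QuoteChar       '"'
    EscapeControl   FALSE
    UndefValue      -
</Extension>

# Lines starting with '#' are W3C header directives, not requests: drop them.
# Everything else is split into fields and re-serialized as one JSON object,
# so the receiver does not depend on field position.
<Input iis_in>
    Module          im_file
    File            "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*.log"
    SavePos         TRUE
    Exec            if $raw_event =~ /^#/ drop();                       \
                    else                                                \
                    {                                                   \
                        w3c->parse_csv();                               \
                        $EventTime = parsedate($date + " " + $time);    \
                        to_json();                                      \
                    }
</Input>

# om_tcp instead of om_udp: a long URI or User-Agent is not cut off at the
# datagram size. Port 5140 is a placeholder for your collector's JSON listener.
<Output iis_out>
    Module          om_tcp
    Host            10.200.45.110
    Port            5140
</Output>

<Route iis>
    Path            iis_in => iis_out
</Route>
```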