3
Copyright © All rights are reserved by N-Partner Technologies Co.
## This is a sample configuration file. See the nxlog reference manual about the
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension syslog>
Module xm_syslog
</Extension>
<Input in_eventlog>
# For windows 2003 and earlier use the following:
Module im_mseventlog
Exec parse_syslog_bsd(); \
if ($EventID == 672 or $EventID == 673 or $EventID == 675 or $EventID == 528 or $EventID == 529 or $EventID == 538 or $EventID ==
540 or $EventID == 551 or $EventID == 560 or $EventID == 612 or $EventID == 624 or $EventID == 626 or $EventID == 627 or $EventID == 628
or $EventID == 629 or $EventID == 630 or $EventID == 631 or $EventID == 632 or $EventID == 633 or $EventID == 634 or $EventID == 635 or
$EventID == 636 or $EventID == 637 or $EventID == 638 or $EventID == 641 or $EventID == 642 or $EventID == 645 or $EventID == 646 or
$EventID == 647) { $SyslogFacilityValue = 13; } \
else if ($SourceName == "Service Control Manager") { $SyslogFacilityValue = 13; } \
else if ($SourceName =~ /^MSSQL*/) { $SyslogFacilityValue = 18; } \
else\
{\
drop();\
}
</Input>
<Output out_eventlog>
Module om_udp
Host 192.168.2.64
Port 514
Exec $Message = string($EventID) + ": " + $Message;
Exec if ($EventType == 'ERROR' or $EventType == 'AUDIT_FAILURE') { $SyslogSeverityValue = 3; } \
else if ($EventType == 'WARNING') { $SyslogSeverityValue = 4; } \
else if ($EventType == 'INFO' or $EventType == 'AUDIT_SUCCESS') { $SyslogSeverityValue = 5; }
Exec to_syslog_bsd();
</Output>
<Route eventlog>
Path in_eventlog => out_eventlog
</Route>
绿色部位请选择 NXLOG 正确的安装路径,
本例环境为 32 位系统选择"define ROOT C:\Program Files\nxlog"。
红色部位输入 N-Reporter IP,本例输入"192.168.2.64"。
评论0