Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Panic Soft
- #NoFreeOnExit TRUE
- define ROOT C:\Program Files (x86)\nxlog
- define CERTDIR %ROOT%\cert
- define CONFDIR %ROOT%\conf
- define LOGDIR %ROOT%\data
- define LOGFILE %LOGDIR%\nxlog.log
- LogFile %LOGFILE%
- Moduledir %ROOT%\modules
- CacheDir %ROOT%\data
- Pidfile %ROOT%\data\nxlog.pid
- SpoolDir %ROOT%\data
- <Extension _syslog>
- Module xm_syslog
- </Extension>
- <Extension _charconv>
- Module xm_charconv
- AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
- </Extension>
- <Extension _exec>
- Module xm_exec
- </Extension>
- <Extension _fileop>
- Module xm_fileop
- # Check the size of our log file hourly, rotate if larger than 5MB
- <Schedule>
- Every 1 hour
- Exec if (file_exists('%LOGFILE%') and \
- (file_size('%LOGFILE%') >= 5M)) \
- file_cycle('%LOGFILE%', 8);
- </Schedule>
- # Rotate our log file every week on Sunday at midnight
- <Schedule>
- When @weekly
- Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
- </Schedule>
- </Extension>
- <Extension _gelf>
- Module xm_gelf
- </Extension>
- define MonitoredEventIds 4625, 4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, \
- 4767, 4781, 4794
- <Input eventlog>
- Module im_msvistalog
- <QueryXML>
- <QueryList>
- <Query Id='0'>
- <Select Path='Security'>*</Select>
- </Query>
- </QueryList>
- </QueryXML>
- <Exec>
- if $EventID NOT IN (%MonitoredEventIds%) drop();
- </Exec>
- </Input>
- <Output out>
- Module om_udp
- Host IP_DO_GRAYLOG
- Port PORTA
- OutputType GELF
- </Output>
- <Route 1>
- Path eventlog => out
- </Route>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
