[Plain Text] Configuring NXLog on an IIS server for syslog forwarding (and fixing the GMT+8 hour time offset)

By Cute Earthworm, 2023-06-26, written in Plain Text, viewed 35 times.
URL http://www.code666.cn/view/a8210fe7
https://www.cnblogs.com/yangjisen/archive/2020/04/26/12779324.html

Full configuration file: conf\nxlog.conf


Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files (x86)\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf
define LOGDIR   %ROOT%\data
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data

<Extension w3c>
    Module xm_csv
    Fields $datetime, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $cs-host, $sc-status, $sc-substatus, $sc-win32-status, $time-taken
    FieldTypes string, string, string, string, string, string, string, string, string, string, string, string, string, string, string
    Delimiter ' '
    QuoteChar '"'
    EscapeControl TRUE
    UndefValue -
</Extension>

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension _charconv>
    Module      xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension _exec>
    Module      xm_exec
</Extension>

<Extension _fileop>
    Module      xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
        Every   1 hour
        Exec    if (file_exists('%LOGFILE%') and \
                   (file_size('%LOGFILE%') >= 5M)) \
                    file_cycle('%LOGFILE%', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        When    @weekly
        Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
</Extension>

<Input IISin>
   Module   im_file
   # IIS log directory; wildcards are supported in the file name but not in the folder path
   File     "C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log"
   SavePos  TRUE
   # Ignore log lines that begin with #
   # Convert the encoding to GBK (my log audit server defaults to GBK while IIS logs are UTF-8; set this to suit your environment)
   # Merge the date and time into a single field
   # Parse as CSV
   # Parse the W3C extended log with the xm_csv module
   # Use the merged date and time as EventTime (time of occurrence) and append the GMT marker (+00:00) to fix the IIS 8-hour time offset
   Exec if $raw_event =~ /^#/ drop();                              \
        else                                                       \
        {                                                          \
          convert_fields("AUTO", "GBK");                           \
          $raw_event = replace($raw_event, ' ', '@', 1);           \
          w3c->parse_csv();                                        \
          $raw_event = replace($raw_event, ' ', "\t");             \
          $raw_event = replace($raw_event, '@', ' ', 1);           \
          $EventTime = parsedate(replace($datetime, '@', ' ', 1) + '+00:00'); \
        }
</Input>

<Output IISout>
   # Plain UDP syslog: no encryption, sender authentication or delivery acknowledgement
   Module om_udp
   Host 10.168.100.1
   Port 514
   Exec to_syslog_bsd();
</Output>

<Route 1>
   Path IISin => IISout
</Route>
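
To check the timestamp handling without a running NXLog agent, the following added example (not part of the original paste and not NXLog code) mirrors the steps of the IISin Exec block in Python on a constructed log line. IIS writes W3C timestamps in UTC, so the explicit +00:00 offset is what lets a GMT+8 collector show the correct local time. The sample line, the GMT8 constant and the function name are assumptions, and a plain split stands in for xm_csv, so quoted fields are not handled.

```python
from datetime import datetime, timedelta, timezone

# Field order copied from the w3c xm_csv block ('$' prefix dropped).
FIELDS = ["datetime", "s-ip", "cs-method", "cs-uri-stem", "cs-uri-query",
          "s-port", "cs-username", "c-ip", "csUser-Agent", "cs-Referer",
          "cs-host", "sc-status", "sc-substatus", "sc-win32-status",
          "time-taken"]

GMT8 = timezone(timedelta(hours=8))  # assumed time zone of the log collector

# Constructed sample input (header line plus one request line).
SAMPLE = [
    "#Fields: date time s-ip cs-method ...",
    "2023-06-26 02:15:30 10.0.0.5 GET /index.html - 80 - 203.0.113.7 "
    "Mozilla/5.0 - www.example.test 200 0 0 15",
]


def process(line):
    """Mirror the Exec block; returns None for dropped lines."""
    if line.startswith("#"):            # if $raw_event =~ /^#/ drop();
        return None
    merged = line.replace(" ", "@", 1)  # join date and time into one token
    values = merged.split(" ")          # stands in for w3c->parse_csv()
    if len(values) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(values)))
    record = {k: (None if v == "-" else v) for k, v in zip(FIELDS, values)}
    # $raw_event: remaining spaces become tabs, then the '@' is restored
    raw_event = merged.replace(" ", "\t").replace("@", " ", 1)
    # $EventTime: merged timestamp with an explicit +00:00 offset
    stamp = record["datetime"].replace("@", " ", 1) + "+00:00"
    event_time = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S%z")
    return record, raw_event, event_time


if __name__ == "__main__":
    for entry in SAMPLE:
        result = process(entry)
        if result is None:
            continue
        record, raw_event, event_time = result
        print(repr(raw_event))
        print("UTC  :", event_time.isoformat())
        print("GMT+8:", event_time.astimezone(GMT8).isoformat())
```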
