|
|
@@ -0,0 +1,70 @@
|
|
|
+Panic Soft
|
|
|
+#NoFreeOnExit TRUE
|
|
|
+
|
|
|
+define ROOT C:\Program Files\nxlog
|
|
|
+define CERTDIR %ROOT%\cert
|
|
|
+define CONFDIR %ROOT%\conf\nxlog.d
|
|
|
+define LOGDIR %ROOT%\data
|
|
|
+
|
|
|
+include %CONFDIR%\\*.conf
|
|
|
+define LOGFILE %LOGDIR%\nxlog.log
|
|
|
+LogFile %LOGFILE%
|
|
|
+
|
|
|
+Moduledir %ROOT%\modules
|
|
|
+CacheDir %ROOT%\data
|
|
|
+Pidfile %ROOT%\data\nxlog.pid
|
|
|
+SpoolDir %ROOT%\data
|
|
|
+
|
|
|
+<Extension _syslog>
|
|
|
+ Module xm_syslog
|
|
|
+</Extension>
|
|
|
+
|
|
|
+<Extension _charconv>
|
|
|
+ Module xm_charconv
|
|
|
+ AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
|
|
|
+</Extension>
|
|
|
+
|
|
|
+<Extension _exec>
|
|
|
+ Module xm_exec
|
|
|
+</Extension>
|
|
|
+
|
|
|
+<Extension _fileop>
|
|
|
+ Module xm_fileop
|
|
|
+
|
|
|
+ # Check the size of our log file hourly, rotate if larger than 5MB
|
|
|
+ <Schedule>
|
|
|
+ Every 1 hour
|
|
|
+ Exec if (file_exists('%LOGFILE%') and \
|
|
|
+ (file_size('%LOGFILE%') >= 5M)) \
|
|
|
+ file_cycle('%LOGFILE%', 8);
|
|
|
+ </Schedule>
|
|
|
+
|
|
|
+ # Rotate our log file every week on Sunday at midnight
|
|
|
+ <Schedule>
|
|
|
+ When @weekly
|
|
|
+ Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
|
|
|
+ </Schedule>
|
|
|
+</Extension>
|
|
|
+
|
|
|
+<Extension _gelf>
|
|
|
+ Module xm_gelf
|
|
|
+</Extension>
|
|
|
+
|
|
|
+# Snare compatible example configuration
|
|
|
+# Collecting event log
|
|
|
+ <Input in>
|
|
|
+ Module im_msvistalog
|
|
|
+ </Input>
|
|
|
+
|
|
|
+# Converting events to Snare format and sending them out over TCP syslog
|
|
|
+ <Output out>
|
|
|
+ Module om_udp
|
|
|
+ Host [Graylog.Server.IP.Address]
|
|
|
+ Port 12201
|
|
|
+ OutputType GELF
|
|
|
+ </Output>
|
|
|
+#
|
|
|
+# Connect input 'in' to output 'out'
|
|
|
+ <Route 1>
|
|
|
+ Path in => out
|
|
|
+ </Route>
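Review bot: The `<Output out>` block forwards the full Windows event log collected by `im_msvistalog` (which routinely carries account names, process command lines and hostnames) over unauthenticated, unencrypted UDP (`Module om_udp` / `OutputType GELF`) with no delivery acknowledgement, so records can be read or spoofed on the path and silently dropped under load. `%CERTDIR%` is defined near the top of the hunk but never referenced, which suggests a TLS transport was intended: change the output to `Module om_ssl`, add `CAFile %CERTDIR%\ca.pem` (plus `CertFile`/`CertKeyFile` if the Graylog input requires client certificates), and set `OutputType GELF_TLS` — the exact GELF_TCP/GELF_TLS type name depends on the installed xm_gelf version, so confirm it against the module documentation. The comments above the output (`# Snare compatible example configuration` and `# Converting events to Snare format and sending them out over TCP syslog`) describe a different configuration from the one written and should be corrected to say GELF to Graylog over the transport actually configured. Separately, `_syslog`, `_charconv` and `_exec` are loaded but not used by any input, output or route; `xm_exec` in particular exposes command execution to anything able to drop a `.conf` into `%CONFDIR%` (picked up by the wildcard `include`), so remove the unused extensions or confirm that directory's ACLs restrict writes to administrators.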
|