在IIS中使用NXLog并具有json输出
在IIS中使用NXLog并具有json输出
提问于 2015-09-05 08:08:50
我试图使用nxlog对IIS文件进行分类,并创建一个JSON输出,以便以后可以将它推到logstash中
然而,我得到的只是文件中的原始数据,而不是引导我预期的格式化输出,例如JSON/nxlog-iis.conf。
这是我的配置文件
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT D:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _syslog>
Module xm_syslog
</Extension>
<Extension json>
Module xm_json
</Extension>
# Select the input folder where logs will be scanned
# Create the parse rule for IIS logs. You can copy these from the header of the IIS log file.
# Uncomment Extension w3c for IIS logging
<Extension w3c>
Module xm_csv
#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
Fields $date, $time, $s-sitename, $s-computername, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-cookie, $cs-referrer, $cs-host, $sc-status, $sc-substatus, $sc-win32-status, $sc-bytes, $cs-bytes, $time-taken
FieldTypes string, string, string, string, string, string, string, string, integer, string, string, string, string, string, string, integer, integer, integer, integer, integer, integer
Delimiter ' '
UndefValue -
QuoteChar '"'
EscapeControl FALSE
</Extension>
<Input iis_logs>
Module im_file
File "C:\\Resources\\Directory\\\\u_ex*.log"
ReadFromLast True
Recursive True
SavePos True
Exec if $raw_event =~ /^#/ drop(); \
else \
{ \
w3c->parse_csv(); \
$EventTime = parsedate($date + " " + $time); \
$SourceName = "IIS"; \
$Message = to_json(); \
}
</Input>
<Output debug>
Module om_file
File "C:\\nxlog-debug.txt"
</Output>
<Route 1>
Path iis_logs => debug
</Route>和我的输出(不是json)
2015-09-05 07:42:00 W3SVC1273337584 ****** *.*.*.* GET / - 443 - *.*.*.* HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - - *.*.*.* 403 14 0 5530 258 31
2015-09-05 07:42:00 W3SVC1273337584 ****** *.*.*.* GET / - 443 - *.*.*.* HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - - *.*.*.* 403 14 0 5530 258 16
2015-09-05 07:53:05 W3SVC1273337584 ****** *.*.*.* GET / - 443 - *.*.*.* HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - - *.*.*.* 403 14 0 5530 258 31
2015-09-05 07:53:06 W3SVC1273337584 ****** *.*.*.* GET / - 443 - *.*.*.* HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) - - *.*.*.* 403 14 0 5530 258 31我想我已经接近了,但我错过了什么呢?
回答 1
Stack Overflow用户
回答已采纳
发布于 2015-09-06 09:30:58
默认情况下,om_file将$raw_event写入输出,所有其他字段(包括$Message )都会被丢弃。所以你需要
$raw_event = to_json();或者只是简单的
to_json();两者是等同的。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/32410888
复制相关文章
相似问题
腾讯云开发者
