NXLog configuration for forwarding file-deletion events from a Windows server to Graylog

Go to https://nxlog.co/downloads/nxlog-ce#nxlog-community-edition to download the Windows build of the application.
Install NXLog in C:\nxlog
Edit the file c:\nxlog\conf\nxlog.conf
Copy and paste the configuration below into it.
More information at:
https://docs.nxlog.co/userguide/integrate/windows-eventlog.html
Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf\nxlog.d
define LOGDIR   %ROOT%\data

include %CONFDIR%\\*.conf
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data

<Extension _syslog>
    Module  xm_syslog
</Extension>

<Extension _charconv>
    Module              xm_charconv
    AutodetectCharsets  iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension _exec>
    Module  xm_exec
</Extension>

<Extension _fileop>
    Module  xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
        Every   1 hour
        Exec    if (file_exists('%LOGFILE%') and \
                   (file_size('%LOGFILE%') >= 5M)) \
                    file_cycle('%LOGFILE%', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        When    @weekly
        Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
</Extension>

<Extension _gelf>
    Module  xm_gelf
</Extension>

# Generic input that would forward every Windows event log; kept disabled so
# that only the filtered Security events below are shipped.
# <Input in>
#     Module  im_msvistalog
# </Input>

# Security event 5145 ("A network share object was checked to see whether client
# can be granted desired access") is only written when the "Detailed File Share"
# audit subcategory is enabled. AccessMask 0x110080 is DELETE | SYNCHRONIZE |
# ReadAttributes, the access a client requests when deleting a file on a share.
<Input security_events>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">
                    *[System[(Level=0) and (EventID=5145)]] and *[EventData[Data[@Name='AccessMask'] and (Data='0x110080')]]
                </Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# GELF over UDP to the Graylog input on port 12201. UDP is unencrypted and
# unacknowledged; om_ssl/om_tcp with a GELF TCP/TLS input is the hardened option.
<Output out>
    Module      om_udp
    Host        log.cuidadodigital.com.br
    Port        12201
    # Rewrites $raw_event in Snare syslog form; the GELF encoder still carries
    # the parsed event fields (EventID, AccessMask, ShareName, ...).
    Exec        to_syslog_snare();
    OutputType  GELF_UDP
</Output>

<Route 1>
    # Path  in => security_events => out
    Path    security_events => out
</Route>
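As an added example, not part of this page and not NXLog's own code, the following Python script shows what the configuration above does end to end: it parses a constructed event 5145 record in Windows Event Log XML form, applies the same selection the QueryXML makes (Level 0, EventID 5145, AccessMask 0x110080), decodes that access mask into the named rights, and encodes the result as a gzip-compressed GELF 1.1 datagram of the kind om_udp sends to port 12201. The host name, user, share, file name and IP address in the sample record are made up.

```python
import gzip
import json
import socket
import time
import xml.etree.ElementTree as ET

EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# File-object ACCESS_MASK bits as they appear in the AccessMask field of event 5145.
ACCESS_BITS = {
    0x1: "ReadData", 0x2: "WriteData", 0x4: "AppendData", 0x8: "ReadEA",
    0x10: "WriteEA", 0x20: "Execute", 0x40: "DeleteChild", 0x80: "ReadAttributes",
    0x100: "WriteAttributes", 0x10000: "DELETE", 0x20000: "READ_CONTROL",
    0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}

# The mask the QueryXML on this page selects: DELETE | SYNCHRONIZE | ReadAttributes.
DELETE_MASK = "0x110080"

# Constructed sample record (not a real capture); all names and addresses are made up.
SAMPLE_EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>5145</EventID>
    <Level>0</Level>
    <Computer>FS01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
    <Data Name="ShareName">\\\\*\\Projetos</Data>
    <Data Name="RelativeTargetName">relatorio.xlsx</Data>
    <Data Name="AccessMask">0x110080</Data>
  </EventData>
</Event>"""


def parse_event(xml_text):
    """Flatten a Windows Event Log XML record into a small dict."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", EVT_NS)
    data = {d.get("Name"): (d.text or "")
            for d in root.findall("e:EventData/e:Data", EVT_NS)}
    return {
        "event_id": int(system.find("e:EventID", EVT_NS).text),
        "level": int(system.find("e:Level", EVT_NS).text),
        "computer": system.find("e:Computer", EVT_NS).text,
        "data": data,
    }


def decode_access_mask(mask):
    """Return the named rights set in a hex AccessMask, lowest bit first."""
    value = int(mask, 16)
    return [name for bit, name in sorted(ACCESS_BITS.items()) if value & bit]


def matches_filter(event):
    """Mirror the XPath: Level=0 and EventID=5145 and AccessMask='0x110080'."""
    return (event["level"] == 0 and event["event_id"] == 5145
            and event["data"].get("AccessMask") == DELETE_MASK)


def to_gelf(event, ts=None):
    """Encode the event as a gzip-compressed GELF 1.1 datagram (as GELF_UDP does)."""
    d = event["data"]
    target = d.get("ShareName", "") + "\\" + d.get("RelativeTargetName", "")
    msg = {
        "version": "1.1",
        "host": event["computer"],
        "short_message": f"{d.get('SubjectUserName')} requested DELETE on {target}",
        "timestamp": ts if ts is not None else time.time(),
        "level": 6,  # syslog "informational"
        "_EventID": event["event_id"],
        "_AccessRights": " ".join(decode_access_mask(d.get("AccessMask", "0x0"))),
    }
    # Every EventData field becomes a GELF additional field (underscore prefix).
    for name, value in d.items():
        msg.setdefault("_" + name, value)
    return gzip.compress(json.dumps(msg).encode("utf-8"))


def decode_gelf(payload):
    """Inverse of to_gelf, i.e. what the Graylog GELF UDP input reconstructs."""
    return json.loads(gzip.decompress(payload).decode("utf-8"))


def send_gelf_udp(payload, host, port=12201):
    """Ship one datagram to a Graylog GELF UDP input (hypothetical destination)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (host, port))


if __name__ == "__main__":
    ev = parse_event(SAMPLE_EVENT_XML)
    print("matches filter:", matches_filter(ev))
    print("rights:", decode_access_mask(ev["data"]["AccessMask"]))
    print(json.dumps(decode_gelf(to_gelf(ev)), indent=2))
```

Changing the sample's AccessMask to, say, 0x120089 (a read-only open) makes matches_filter() return False, which is a quick way to confirm that the XPath selects only the delete request and not ordinary reads of the same share. Datagrams above 8192 bytes would need GELF chunking; a single 5145 record is far below that.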
About the Author