Arquivo de configuração para enviar eventos de exclusão de arquivos (via compartilhamento de rede) do servidor Windows para o Graylog
Acesse https://nxlog.co/downloads/nxlog-ce#nxlog-community-edition para baixar a aplicação para Windows
Instale o Nxlog em C:\nxlog
Edite o arquivo c:\nxlog\conf\nxlog.conf
Copie e cole as diretivas abaixo.
Mais informações em:
https://docs.nxlog.co/userguide/integrate/windows-eventlog.html
# Global NXLog settings. "Panic Soft" makes NXLog log an internal assertion
# failure and keep running instead of aborting the process.
Panic Soft
#NoFreeOnExit TRUE
define ROOT C:\nxlog
# %CERTDIR% is not referenced anywhere in this file. It is where the
# certificate and key for a TLS output (om_ssl) would live if the plaintext
# UDP output below is ever replaced.
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf\nxlog.d
define LOGDIR %ROOT%\data
# Every *.conf in %CONFDIR% is loaded as configuration at startup. NXLog
# normally runs as a Windows service and xm_exec is loaded below, so anyone
# able to write into that directory can run code as the service account:
# keep the ACL on %CONFDIR% restricted to Administrators.
include %CONFDIR%\\*.conf
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
<Extension _syslog>
# Provides the syslog helpers; to_syslog_snare() in the "out" block depends on it.
Module xm_syslog
</Extension>
<Extension _charconv>
# Character-set conversion helpers. Nothing in this file calls them
# (im_msvistalog already delivers UTF-8), so this block is currently unused
# unless a file in nxlog.d references it. NOTE(review): iso8859-2 is the
# Central European code page; for Portuguese text iso8859-1 / windows-1252
# would be the usual candidate — confirm before relying on autodetection.
Module xm_charconv
AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>
<Extension _exec>
# xm_exec lets configuration run arbitrary external programs (exec(),
# exec_async()). No directive in this file uses it. NOTE(review): unless a
# file in nxlog.d needs it, remove this block — loading a command-execution
# module the config does not use only widens what a tampered config can do.
Module xm_exec
</Extension>
<Extension _fileop>
# File helpers used only to rotate NXLog's own log file (%LOGFILE%).
# file_cycle(path, 8) renames the current file and keeps at most 8 old copies.
Module xm_fileop
# Check the size of our log file hourly, rotate if larger than 5MB
<Schedule>
Every 1 hour
Exec if (file_exists('%LOGFILE%') and \
(file_size('%LOGFILE%') >= 5M)) \
file_cycle('%LOGFILE%', 8);
</Schedule>
# Rotate our log file every week on Sunday at midnight
<Schedule>
When @weekly
Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
</Schedule>
</Extension>
<Extension _gelf>
# GELF encoder; required for "OutputType GELF_UDP" in the "out" block.
Module xm_gelf
</Extension>
# <Input in>
# Module im_msvistalog
# </Input>
<Input security_events>
# Reads the Windows Security log and keeps only event 5145 ("a network share
# object was checked to see whether client can be granted desired access")
# whose requested AccessMask is 0x110080 = DELETE (0x10000) | SYNCHRONIZE
# (0x100000) | READ_ATTRIBUTES (0x80), i.e. a delete request on a file reached
# through a share. Level=0 is the only level the Security log uses, so that
# clause is redundant but harmless.
# NOTE(review): 5145 is only written when the "Audit Detailed File Share"
# subcategory is enabled, and it records the access check rather than the
# deletion itself — confirm whether denied attempts (AccessReason field)
# should also be forwarded. Files deleted locally on the server never go
# through a share and are not covered by this query.
# The second predicate is the form Event Viewer generates: it requires an
# AccessMask element and matches any Data element equal to 0x110080.
# `Data[@Name='AccessMask']='0x110080'` would bind the comparison to the
# AccessMask element itself — verify in Event Viewer before switching.
Module im_msvistalog
<QueryXML>
<QueryList>
<Query Id="0">
<Select Path="Security">
*[System[(Level=0) and (EventID=5145)]]
and
*[EventData[Data[@Name='AccessMask']and(Data='0x110080')]]
</Select>
</Query>
</QueryList>
</QueryXML>
</Input>
<Output out>
# Ships the filtered Security events to Graylog as GELF over UDP (12201 is
# Graylog's default GELF UDP port).
# NOTE(review): om_udp is plaintext, unauthenticated and lossy. These events
# carry account names, logon IDs, client IPs, share paths and file names; the
# destination below looks like a public DNS name. If the path to Graylog
# crosses an untrusted network, use om_ssl with "OutputType GELF_TCP" and a
# GELF TCP/TLS input on the Graylog side (%CERTDIR% is already defined for
# the certificate). UDP also silently drops messages under load or when a
# GELF datagram exceeds the path MTU.
Module om_udp
Host log.cuidadodigital.com.br
Port 12201
# Rewrites $raw_event into Snare syslog format before the GELF encoder runs;
# the GELF fields are still built from the parsed event record. If Graylog
# only needs the native event text, this line can be dropped — TODO confirm
# against what the receiving stream/extractors expect.
Exec to_syslog_snare();
OutputType GELF_UDP
</Output>
<Route 1>
# Only the filtered Security events are forwarded. The commented path below
# referred to the generic "in" input (also commented out above), which would
# have sent every Windows event log entry to Graylog.
# Path in => security_events => out
Path security_events => out
</Route>