For your file try "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*". I have
been using this pattern successfully. It grabs the new logs added to the
currently used log file. The relevant parts of my conf file are below:
Enter code here...<Extension w3c>
Module xm_csv
Fields $date, $time, $s-host, $cs-method, $cs-uri-stem, $cs-
uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $sc-status, $sc-
substatus, $sc-win32-status, $time-taken
FieldTypes string, string, string, string, string, string,
integer, string, string, string, integer, integer, integer, integer
Delimiter ' '
QuoteChar '"'
EscapeControl FALSE
UndefValue -
</Extension>
<Input iis>
Module im_file
File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*"
SavePos TRUE
Exec if $raw_event =~ /^#/ drop();\
else\
{\
w3c->parse_csv();\
$EventTime = parsedate($date + " " + $time);\
$EventTime = strftime($EventTime, "%Y-%m-%dT%H:%M:%SZ"); \
$Message = to_json();\
}
</Input>
On Friday, June 19, 2015 at 3:00:33 AM UTC-5, Alberto Hontoria wrote:
>
> Hi friends
>
> We are trying to get iis logs by graylog collector.
>
> We have this config
>
> iis-access {
> type = "file"
> path = "E:\\Logs IIS\\W3SVC1\\?????.log"
> poll-interval = 5s
> }
>
>
> Iis log name changes each day hour, the real format of the log is
> u_exDDMMHH.log
>
> If we test it with the complete path of a file, it works.
>
> But how to retrieve all logs in a directory? We have tested with
> u_ex*.log, or the directory path without sucess
>
> Any clue?
>
> Regards
>
>
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
