For your file try "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*". I have been using this pattern successfully. It grabs the new logs added to the currently used log file. The relevant parts of my conf file are below:

<Extension w3c>
    Module xm_csv
    Fields $date, $time, $s-host, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $sc-status, $sc-substatus, $sc-win32-status, $time-taken
    FieldTypes string, string, string, string, string, string, integer, string, string, string, integer, integer, integer, integer
    Delimiter ' '
    QuoteChar '"'
    EscapeControl FALSE
    UndefValue -
</Extension>

<Input iis>
    Module im_file
    File "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*"
    SavePos TRUE
    Exec if $raw_event =~ /^#/ drop();\
         else\
         {\
             w3c->parse_csv();\
             $EventTime = parsedate($date + " " + $time);\
             $EventTime = strftime($EventTime, "%Y-%m-%dT%H:%M:%SZ");\
             $Message = to_json();\
         }
</Input>

On Friday, June 19, 2015 at 3:00:33 AM UTC-5, Alberto Hontoria wrote:
>
> Hi friends
>
> We are trying to get IIS logs with the Graylog collector.
>
> We have this config
>
> iis-access {
>   type = "file"
>   path = "E:\\Logs IIS\\W3SVC1\\?????.log"
>   poll-interval = 5s
> }
>
> The IIS log name changes each day and hour; the real format of the log is
> u_exDDMMHH.log
>
> If we test it with the complete path of a file, it works.
>
> But how to retrieve all logs in a directory? We have tested with
> u_ex*.log, or the directory path, without success.
>
> Any clue?
>
> Regards
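
The parsing steps in the reply's nxlog config (skip "#" lines, split on spaces, map "-" to undefined, build an ISO EventTime, emit JSON), written out as an added Python example that is not part of either post. It goes one step beyond that config by reading the "#Fields:" directive IIS writes into each log file, so a changed column selection does not silently mislabel values; the sample lines are constructed, and timestamps are assumed to be UTC as the "Z" suffix in the reply's strftime format implies.

```python
import json
from datetime import datetime, timezone

# Field order and integer columns copied from the reply's xm_csv block.
DEFAULT_FIELDS = ("date time s-host cs-method cs-uri-stem cs-uri-query s-port "
                  "cs-username c-ip csUser-Agent sc-status sc-substatus "
                  "sc-win32-status time-taken").split()
INT_FIELDS = {"s-port", "sc-status", "sc-substatus", "sc-win32-status", "time-taken"}

# Constructed sample input (not real traffic); the last line is truncated on purpose.
SAMPLE = [
    "#Version: 1.0",
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
    "c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken",
    "2015-06-19 08:00:33 192.0.2.10 GET /login.aspx - 443 - 198.51.100.7 "
    "Mozilla/5.0+(constructed) 200 0 0 15",
    "2015-06-19 08:00:34 192.0.2.10 GET /admin - 443",
]

def parse_iis_lines(lines, fields=None):
    """Yield one dict per request line; '#' directive lines are consumed."""
    fields = list(fields or DEFAULT_FIELDS)
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line or line.startswith("#"):
            if line.startswith("#Fields:"):  # column list for the lines that follow
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            # Keep the raw line rather than assigning values to the wrong columns.
            yield {"parse_error": "field count mismatch", "raw": line}
            continue
        event = {}
        for name, value in zip(fields, values):
            if value == "-":  # UndefValue in the reply's config
                event[name] = None
            elif name in INT_FIELDS and value.isdigit():
                event[name] = int(value)
            else:
                event[name] = value
        if event.get("date") and event.get("time"):
            stamp = datetime.strptime(f"{event['date']} {event['time']}", "%Y-%m-%d %H:%M:%S")
            event["EventTime"] = stamp.replace(tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        yield event

if __name__ == "__main__":
    for event in parse_iis_lines(SAMPLE):
        print(json.dumps(event))
```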