How to create the NXLog config file using powershell?

Sorry, my native language is not English. I may not be able to express myself properly. So I’m sorry if my question isn’t clear enough.

I want to briefly explain what I want to do. I’m sure you know the nxlog implementation. I want to create the “nxlog.conf” config file with powershell in “C:\Program Files (x86)\nxlog\conf” folder with powershell script.

I find the path to the previously attached domain name list and Log folder (and site ids) on the IIS web server using powershell with the following commands.

How can I create nxlog.conf file for sites on IIS with powershell, since IIS WEB Server has too many domains?

Domain name list: Get-ChildItem C:\inetpub\vhosts -Directory -Exclude .skel,default,forwarding,Servers,sitebuilder,webmail | ForEach-Object {$_.Name}

log file/path for websites:
Get-Website domain1.org | % { Join-Path ($.logFile.Directory -replace ‘%SystemDrive%’, $env:SystemDrive) "W3SVC$($.id)" }
Get-Website domain2.net | % { Join-Path ($.logFile.Directory -replace ‘%SystemDrive%’, $env:SystemDrive) "W3SVC$($.id)" }


I created the nxlog config file manually by adding 6 domains on my test server. This way nxlog.conf works of course. But of course, this takes a lot of time and it is impossible to follow when new sites are added.

How can I make the nxlog.conf file using powershell for all webpages on the IIS web server?

The working nxlog.conf file that I created manually is attached for your review.

Based on this, I could not create a domain/website list and log folder list mapping and a config file that works with “$domain” loop. I need help with this.

https://pasteboard.co/JLoBBtF.png

https://pasteboard.co/JLoBBtF.png

The contents of the nxlog.conf file should be as follows.

Panic Soft #NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension json>
Module xm_json
</Extension>

<Extension syslog>
Module xm_syslog
</Extension>

<Input internal>
Module im_internal
</Input>

Watch your IIS log files

<Input domain1.org>
Module im_file
File ‘C:\Inetpub\vhosts<strong>domain1.org\logs\iis<strong>W3SVC8\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

Watch your IIS log files

<Input domain2.net>
Module im_file
File ‘C:\Inetpub\vhosts\domain2.net\logs\iis\W3SVC9\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

Watch your IIS log files

<Input domain3.com>
Module im_file
File ‘C:\Inetpub\vhosts\domain3.com\logs\iis\W3SVC10\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

Watch your IIS log files

<Input domain4.ru>
Module im_file
File ‘C:\Inetpub\vhosts\domain4.ru\logs\iis\W3SVC11\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

Watch your IIS log files

<Input domain5.de>
Module im_file
File ‘C:\Inetpub\vhosts\domain5.de\logs\iis\W3SVC12\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

Watch your IIS log files

<Input domain6.nl>
Module im_file
File ‘C:\Inetpub\vhosts\domain6.nl\logs\iis\W3SVC13\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

<Output out>
Module om_udp
Host 8.8.4.4
Port 514

Exec $tmpmessage = $Message; delete($Message); rename_field(“tmpmessage”,“message”);
Exec $raw_event = to_json();

Uncomment for debug output

Exec file_write(‘%ROOT%\data\nxlog_output.log’, $raw_event + “\n”);

</Output>

<Route 1>
Path internal, domain1.org, domain2.net, domain3.com, domain4.ru, domain5.de, domain6.nl => out
</Route>

First, you should start with just getting the information you need to build the file. Try something like this and see if you get the website information in the variable:

$webSites = Get-ChildItem C:\inetpub\vhosts -Directory -Exclude .skel,default,forwarding,Servers,sitebuilder,webmail | 
            Select-Object -Property Name, 
                                    BaseName,
                                    @{Name='LogFile';Expression={[System.Environment]::ExpandEnvironmentVariables((Get-WebSite -Name $_.Name).LogFile.Directory) }} 


$webSites

Once you have the data in the variable, it should look something like this:

PS C:\Users\rasim> $websites


Name        BaseName FullName                      LogFile
----        -------- --------                      -------
domain1.org domain1  C:\inetpub\vhosts\domain1.org C:\Inetpub\vhosts\domain1.org\logs\iis\W3SVC8\u_ex*.log
domain2.org domain2  C:\inetpub\vhosts\domain2.org C:\Inetpub\vhosts\domain1.org\logs\iis\W3SVC9\u_ex*.log

Then you can build the file like so:

$websites = @()
$webSites += [PSCustomObject]@{
    Name = 'domain1.org'
    BaseName = 'domain1'
    FullName = 'C:\inetpub\vhosts\domain1.org'
    LogFile = 'C:\Inetpub\vhosts\domain1.org\logs\iis\W3SVC8\u_ex*.log'
}

$webSites += [PSCustomObject]@{
    Name = 'domain2.org'
    BaseName = 'domain2'
    FullName = 'C:\inetpub\vhosts\domain2.org'
    LogFile = 'C:\Inetpub\vhosts\domain1.org\logs\iis\W3SVC9\u_ex*.log'
}

$nodes = foreach ($webSite in $webSites) {
@"
# Watch your IIS log files
<Input $($website.Name)>
Module im_file
File ‘$($website.LogFile)’
SavePos TRUE
Recursive TRUE
Exec $Message =$raw_event;
</Input>
"@
}

$file = @"
Panic Soft
#NoFreeOnExit TRUE
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension json>
Module xm_json
</Extension>

<Extension syslog>
Module xm_syslog
</Extension>

<Input internal>
Module im_internal
</Input>

$($nodes -join ([environment]::NewLine * 2))

"@

$file

The one thing to pay attention to are in the here string, which is the @" content, there are some values that start with $ (e.g.$Message). As Powershell uses the same token, you need to add an accent character ( ` ) as an escape or it will try to resolve $Message.

Hi Rob. Thanks a lot for the answer.
The first two commands are absolutely brilliant. I was trying to do exactly that.

But I may not have fully understood what you said about the 3 commands. When I run the last command, the result is not as follows.

I may not have noticed some important points you wrote down.

When you run your last commands, can you see a result like the following?

 

Panic Soft #NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension json>
Module xm_json
</Extension>

<Extension syslog>
Module xm_syslog
</Extension>

<Input internal>
Module im_internal
</Input>

Watch your IIS log files

<Input domain1.org>
Module im_file
File ‘C:\Inetpub\vhosts\domain1.org\logs\iis\W3SVC8\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

Watch your IIS log files

<Input domain2.net>
Module im_file
File ‘C:\Inetpub\vhosts\domain2.net\logs\iis\W3SVC9\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

Watch your IIS log files

<Input domain3.com>
Module im_file
File ‘C:\Inetpub\vhosts\domain3.com\logs\iis\W3SVC10\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

Watch your IIS log files

<Input domain4.ru>
Module im_file
File ‘C:\Inetpub\vhosts\domain4.ru\logs\iis\W3SVC11\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

Watch your IIS log files

<Input domain5.de>
Module im_file
File ‘C:\Inetpub\vhosts\domain5.de\logs\iis\W3SVC12\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

Watch your IIS log files

<Input domain6.nl>
Module im_file
File ‘C:\Inetpub\vhosts\domain6.nl\logs\iis\W3SVC13\u_ex*.log’
SavePos TRUE
Recursive TRUE
Exec $Message = $raw_event;
</Input>

<Output out>
Module om_udp
Host 8.8.4.4
Port 514

Exec $tmpmessage = $Message; delete($Message); rename_field(“tmpmessage”,“message”);
Exec $raw_event = to_json();

Uncomment for debug output

Exec file_write(‘%ROOT%\data\nxlog_output.log’, $raw_event + “\n”);

</Output>

<Route 1>
Path internal, domain1.org, domain2.net, domain3.com, domain4.ru, domain5.de, domain6.nl => out
</Route>

The goal was to get you started to show you the basics, not create the script for you. The only other portion is the Route, which can be accomplished by adding ‘internal’ to the domain array and doing a join. The purpose of the forum is to share YOUR code and we assist.