Filter IIS logs in NXlog+GrayLog2 by status code
I have:
<Extension w3c>
Module xm_csv
Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $cs-host, $sc-status, $sc-substatus, $sc-win32-status, $time-taken
FieldTypes string, string, string, string, string, string, integer, string, string, string, string, string, integer, integer, integer, integer
Delimiter ' '
QuoteChar '"'
EscapeControl FALSE
UndefValue -
</Extension>
I have:
<Input iis>
Module im_file
File "C:\inetpub\logs\LogFiles\u_ex*.log"
SavePos TRUE
Exec \
if $raw_event =~ /^#/ drop(); \
else \
{ \
w3c->parse_csv(); \
$EventTime = parsedate($date + " " + $time); \
$EventTime = strftime($EventTime, "%Y-%m-%dT%H:%M:%SZ"); \
$SourceName = "IIS"; \
}
</Input>
When I try to add something like
if $raw_event =~ /^#/ or $sc-status == 101 drop(); \
I get an error like this in the log:
couldn't parse statement at line 91, character 46 in C:\Program Files (x86)\nxlog\conf\nxlog.conf; syntax error, unexpected -, expecting (
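I tried using similar options, but it didn't help.
What am I doing wrong? Please help me. Thanks.
I found the solution: just rename the field named sc-status in <Extension w3c> to scStatus and the error disappears, because the parser takes the columns by order, not by name.
I also got an answer from the nxlog community: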
Link
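The rename described in the answer, written out as a complete configuration (an added example, not part of the original post). It also places the status check after w3c->parse_csv(), on the assumption that $scStatus has no value until the line has been parsed; 101 is the status code from the question, and any other hyphenated field would need the same rename before it can be used in an Exec expression.

```nxlog
# Only sc-status is renamed (to scStatus); xm_csv assigns columns by position,
# so the IIS log format itself does not change.
<Extension w3c>
    Module        xm_csv
    Fields        $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $cs-host, $scStatus, $sc-substatus, $sc-win32-status, $time-taken
    FieldTypes    string, string, string, string, string, string, integer, string, string, string, string, string, integer, integer, integer, integer
    Delimiter     ' '
    QuoteChar     '"'
    EscapeControl FALSE
    UndefValue    -
</Extension>

# Header lines (starting with #) are dropped first, then the line is parsed,
# and only then is the status code compared. Events dropped here never reach
# Graylog, so keep the filter limited to status codes you do not need to search.
<Input iis>
    Module  im_file
    File    "C:\inetpub\logs\LogFiles\u_ex*.log"
    SavePos TRUE
    Exec    if $raw_event =~ /^#/ drop(); \
            else \
            { \
                w3c->parse_csv(); \
                if $scStatus == 101 drop(); \
                else \
                { \
                    $EventTime = parsedate($date + " " + $time); \
                    $EventTime = strftime($EventTime, "%Y-%m-%dT%H:%M:%SZ"); \
                    $SourceName = "IIS"; \
                } \
            }
</Input>
```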