# Notes
# Output port can be set to whatever you would like in the Graylog input.
# In NPS I set the accounting logs for all 4 logging options and ODBC (legacy) type.
# This was the best type of logging that I was able to extract fields and parse for Palo Alto user-id.
 
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
 
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Input in>
    Module      im_file
    File "C:\\$PATH\\IN*.log"
    InputType LineBased
	Exec $Message = $raw_event;
	SavePos TRUE    
	ReadFromLast TRUE
</Input>

<Output out>
    Module      om_tcp
    Host        192.168.1.1
    Port        8899
</Output>

<Route 1>
    Path        in => out
</Route>