# Notes
# Output port can be set to whatever you would like in the Graylog input.
# In NPS I set the accounting logs for all 4 logging options and ODBC (legacy) type.
# This was the best type of logging that I was able to extract fields and parse for Palo Alto user-id.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
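# Assumption: events are sent as GELF, which needs the xm_gelf extension.
<Extension gelf>
    Module xm_gelf
</Extension>
<Input in>
    Module im_file
    # $PATH stands for the NPS log directory; IN*.log matches the NPS accounting log files.
    File "C:\\$PATH\\IN*.log"
    InputType LineBased
    Exec $Message = $raw_event;
    SavePos TRUE
    ReadFromLast TRUE
</Input>
# Assumption: GELF over UDP. Host and Port are placeholders, not values from the
# original config; set them to match the Graylog input.
<Output out>
    Module om_udp
    Host graylog.example.com
    Port 12201
    OutputType GELF
</Output>
<Route 1>
    Path in => out
</Route>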