## Please set the ROOT to your nxlog installation directory

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension syslog>
  Module xm_syslog
</Extension>

# Monitor application log files
<Input watchfile>
  Module im_file
  # File 'C:\\path\\to\\*.log'
  Exec $Message = $raw_event;
  Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1;
  SavePos TRUE
  Recursive TRUE
</Input>

# Monitor a single application log file
#<Input watchfile2>
#  Module im_file
#  # File 'C:\\path\\to\\a\\single\\file.log'
#  Exec $Message = $raw_event;
#  Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1;
#  SavePos TRUE
#  Recursive FALSE
#</Input>

# Monitor Windows event logs
<Input eventlog>
  # Uncomment for Windows Vista/2008 or later
  Module im_msvistalog

  # Uncomment for Windows 2000 or later
  # Module im_mseventlog
</Input>

<Output syslogout>
  Module om_ssl
  Host logsN.papertrailapp.com
  Port XXXXX
  Exec $Hostname = hostname(); to_syslog_ietf();
  OutputType Syslog_TLS
  CAFile %CERTDIR%/papertrail-bundle.pem
  AllowUntrusted FALSE
</Output>

<Route 1>
  Path eventlog, watchfile => syslogout
</Route>

# Replace route 1 with this implementation if watchfile2 is active
#<Route 1>
#  Path eventlog, watchfile, watchfile2 => syslogout
#</Route>