Last Updated: 8/2/2024
I should have had this posted in here years before. Please note there is a similar version from SolarWinds. I honestly do not recall if I have posted anything about that one. Both versions are fairly similar; I am switching my focus to using this product for a while. To be honest, I have had issues with the SolarWinds product consuming CPU. Enough said. That could be on me; your mileage may vary.
NXLog CE for Windows can be used to forward Windows Event Log entries to a syslog collector for storage, normalization, and action.
There is a Community Edition of the tool.
See the downloads link in the references below, then select the Windows MSI package and download it.
The configuration file is nxlog.conf and can be found in C:\Program Files\nxlog\conf.
Please note that this configuration has an input (the Windows Event Log), an output (a TCP syslog destination) and a route that connects the two. Reading through the configuration documentation might be the most challenging piece of setting this up. Two things worth knowing before you copy it: the xm_charconv and xm_exec extensions are loaded but not referenced by any module below, so they are harmless but can be dropped; and om_tcp sends the events in plaintext, so if the events cross an untrusted network use the om_ssl module (TLS) instead, or tunnel the connection.
No, I would not be so lazy as to actually leave an IP address from my lab in the config (yes I would, and this is it).
Panic Soft
#NoFreeOnExit TRUE

<Extension _syslog>
    Module xm_syslog
</Extension>

<Extension _charconv>
    Module xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension _exec>
    Module xm_exec
</Extension>

<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id='0'>
                <Select Path='Application'>*</Select>
                <Select Path='Security'>*</Select>
                <Select Path='System'>*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output tcp>
    Module om_tcp
    Host 192.168.160.152
    Port 514
    Exec to_syslog_snare();
</Output>

<Route eventlog_to_tcp>
    Path eventlog => tcp
</Route>
Remember to restart the service after every change while you are testing your configuration; the running service does not pick up edits to nxlog.conf on its own.
Please note: NXLog writes its own log to nxlog.log in C:\Program Files\nxlog\data. Check it for artifacts or clues if you made a typo in the config: a configuration error is reported there when the service fails to start, and so is a failed connection to the collector.
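The testing loop described above, as an added PowerShell example (this is not from the original post or from the NXLog project). It assumes the default install path C:\Program Files\nxlog, the default service name "nxlog", and the collector address and port from the config above; the event ID 999 and the marker text are arbitrary choices for the test.

```powershell
# Added example, not part of the original post: post-edit check for an NXLog CE
# installation on Windows. Run from an elevated PowerShell prompt.
# Assumptions: install root C:\Program Files\nxlog, service name "nxlog",
# collector 192.168.160.152 on TCP/514 (matching the config above).

$NxRoot    = 'C:\Program Files\nxlog'
$NxConf    = Join-Path $NxRoot 'conf\nxlog.conf'
$NxLogFile = Join-Path $NxRoot 'data\nxlog.log'
$Collector = '192.168.160.152'
$Port      = 514

# 1. Verify the configuration syntax before touching the service.
#    "nxlog.exe -v" only parses the config and exits non-zero on error.
& (Join-Path $NxRoot 'nxlog.exe') -v -c $NxConf
if ($LASTEXITCODE -ne 0) {
    Write-Error "nxlog.conf failed verification; fix the error printed above before restarting."
    return
}

# 2. Confirm the collector actually listens on TCP/514. om_tcp has no fallback,
#    so a closed or filtered port means silent loss until the connection succeeds.
$tnc = Test-NetConnection -ComputerName $Collector -Port $Port -WarningAction SilentlyContinue
if (-not $tnc.TcpTestSucceeded) {
    Write-Warning "No TCP connection to ${Collector}:$Port - check the collector and host firewall."
}

# 3. Restart the service so the edited config is loaded, then show its state.
Restart-Service -Name nxlog
Start-Sleep -Seconds 3
(Get-Service -Name nxlog).Status

# 4. Write a marker event into the Application log (one of the channels the
#    im_msvistalog query selects). eventcreate.exe needs no pre-registered
#    source, so it works on a stock host; ID must be in the range 1-1000.
$marker = "NXLog forwarding test $(Get-Date -Format o)"
eventcreate /L APPLICATION /T INFORMATION /ID 999 /D "$marker" | Out-Null

# 5. Tail NXLog's own log: config typos and connection failures are reported here.
Get-Content -Path $NxLogFile -Tail 20

# 6. Confirm the marker landed in the local channel; if it did but never shows
#    up on the collector, the problem is in the output or route, not the input.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 999 } -MaxEvents 1 |
    Select-Object TimeCreated, ProviderName, Message
```

Look for the marker text on the collector side after running this; if step 6 shows the event locally but the collector never receives it, the nxlog.log tail in step 5 is the place to start.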
https://nxlog.co/products/nxlog-community-edition
https://docs.nxlog.co/ce/current/index.html#im_mseventlog
https://docs.nxlog.co/userguide/intro/modules-and-routes.html
https://nxlog.co/page/eventlog-to-syslog.html
https://nxlog.co/downloads