Integrating Windows Events

Windows has no syslog daemon, so events are collected and forwarded by an agent, the nxlog forwarder.

Steps to configure the nxlog forwarder on your Windows system

  1. Install nxlog from here.
  2. Open the nxlog configuration file at this path: C:\Program Files (x86)\nxlog\conf\nxlog.conf
  3. Replace the entire configuration file content with this:
## This is a sample NXLog configuration file created by Loggly. June 2013
## See the nxlog reference manual about the configuration options.
## It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
define ROOT C:\Program Files (x86)\nxlog
define ROOT_STRING C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO
# Include fileop while debugging, also enable in the output module below
<Extension fileop>
 Module xm_fileop
</Extension>
<Extension json>
 Module xm_json
</Extension>
<Extension syslog>
 Module xm_syslog
</Extension>
<Input internal>
 Module im_internal
 Exec $Message = to_json();
</Input>
# Windows Event Log
<Input eventlog>
 # Use im_msvistalog for Windows Vista/2008 and later
 Module im_msvistalog
 # Uncomment im_mseventlog (and comment out im_msvistalog) for Windows XP/2000/2003
 #Module im_mseventlog
 Exec $raw_event = to_json();
</Input>
<Processor buffer>
 Module pm_buffer
 # 100MB disk buffer (MaxSize is given in kilobytes)
 MaxSize 102400
 Type disk
</Processor>
<Output out>
 Module om_tcp
 Host data.cloudlytics.com
 Port 12345
 # The stream token is prepended to every event and travels over plain TCP with it
 Exec $raw_event = "<STREAM_TOKEN>:TAGS,TAGS " + $raw_event;
 #Use the following line for debugging (uncomment the fileop extension above as well)
 #Exec file_write("C:/Program Files (x86)/nxlog/data/nxlog_output.log", $raw_event);
</Output>
<Route 1>
 Path internal, eventlog => buffer => out
</Route>

Now replace the placeholders in the configuration above:

STREAM_TOKEN: Replace it with the Cloudlytics stream token shown when the stream was created.

TAGS: Replace them with suitable tags.

  4. After changing the config file, save it.
  5. Restart nxlog: open the Services tool from the Start menu, find nxlog in the list, and restart the service.
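Two checks that go with the placeholder replacement and the output format above, as an added example that is not part of the original page or of nxlog or Cloudlytics: `unreplaced_placeholders` flags a configuration that was saved with `<STREAM_TOKEN>` or `TAGS,TAGS` still in it, and `parse_forwarded_line` shows what the receiving side has to do with a line produced by the `Exec` line in the `om_tcp` output block (token, comma-separated tags, a space, then the JSON event), rejecting lines whose token does not match. The sample configuration fragment, the token value and the event line are constructed; the JSON field names follow what nxlog's `im_msvistalog` module typically emits and are an assumption here.

```python
import hmac
import json

# Placeholders the page tells you to replace before restarting nxlog.
PLACEHOLDERS = ("<STREAM_TOKEN>", "TAGS,TAGS")

# Constructed fragments of the Output block: one left unedited, one edited.
SAMPLE_CONF_UNEDITED = 'Exec $raw_event = "<STREAM_TOKEN>:TAGS,TAGS " + $raw_event;'
SAMPLE_CONF_EDITED = 'Exec $raw_event = "tok-EXAMPLE-0000:windows,dc01 " + $raw_event;'


def unreplaced_placeholders(conf_text):
    """Return the placeholders from the page's config that are still present."""
    return [p for p in PLACEHOLDERS if p in conf_text]


def parse_forwarded_line(line, expected_token):
    """Split one line as the om_tcp output block emits it into (tags, event)
    after checking the stream token.

    Wire format produced by the Exec line in the config:
        <token>:<tag1>,<tag2> <json event>
    Raises ValueError if the token does not match, so a line carrying an
    unreplaced or foreign token is rejected instead of being ingested.
    """
    header, sep, payload = line.partition(" ")
    if not sep:
        raise ValueError("no space between token/tag header and event")
    token, sep, tag_str = header.partition(":")
    if not sep:
        raise ValueError("header lacks ':' between token and tags")
    # Constant-time comparison: the stream token is a bearer secret.
    if not hmac.compare_digest(token, expected_token):
        raise ValueError("stream token mismatch")
    tags = [t for t in tag_str.split(",") if t]
    event = json.loads(payload)  # the to_json() output of im_msvistalog
    return tags, event


# Constructed sample line; the field names are assumed, not taken from the page.
SAMPLE_LINE = (
    'tok-EXAMPLE-0000:windows,dc01 '
    '{"EventTime":"2013-06-01 12:00:00","Hostname":"DC01","Channel":"Security",'
    '"EventID":4625,"Severity":"INFO","Message":"An account failed to log on."}'
)

if __name__ == "__main__":
    print(unreplaced_placeholders(SAMPLE_CONF_UNEDITED))
    tags, event = parse_forwarded_line(SAMPLE_LINE, "tok-EXAMPLE-0000")
    print(tags, event["Channel"], event["EventID"])
```

Run `unreplaced_placeholders` over the saved nxlog.conf before restarting the service; an empty list means both placeholders were replaced. The token check uses `hmac.compare_digest` because the token is the only thing tying a line to your stream, and it is sent in the clear with every event over the plain TCP output this configuration uses.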
