Integrating Windows Events

Windows has no built-in syslog daemon, so an agent, the NXLog forwarder, is used to ship Windows events instead.

Steps to configure the NXLog forwarder on your Windows system:

  1. Install NXLog from here.
  2. Open the NXLog configuration file at this path: C:\Program Files (x86)\nxlog\conf\nxlog.conf
  3. Replace the entire configuration file content with this:
## This is a sample NXLog configuration file created by Loggly. June 2013
## See the nxlog reference manual about the configuration options.
## It should be installed locally and is also available
## online at
define ROOT C:\Program Files (x86)\nxlog
define ROOT_STRING C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO

# Include fileop while debugging, also enable in the output module below
<Extension fileop>
    Module xm_fileop
</Extension>

<Extension json>
    Module xm_json
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

# NXLog's own internal messages, serialised as JSON
<Input internal>
    Module im_internal
    Exec $Message = to_json();
</Input>

# Windows Event Log
<Input eventlog>
    # im_msvistalog is for Windows Vista/2008 and later
    Module im_msvistalog
    # For Windows XP/2000/2003 comment out im_msvistalog and uncomment im_mseventlog
    #Module im_mseventlog
    Exec $raw_event = to_json();
</Input>

# 100MB disk buffer (MaxSize is given in KB) so events survive a collector outage
<Processor buffer>
    Module pm_buffer
    MaxSize 102400
    Type disk
</Processor>

<Output out>
    Module om_tcp
    # om_tcp requires a Host; the page gives no address, so this is a placeholder to replace
    Host <COLLECTOR_HOST>
    Port 12345
    Exec $raw_event = "<STREAM_TOKEN>:TAGS,TAGS " + $raw_event;
    #Use the following line for debugging (uncomment the fileop extension above as well)
    #Exec file_write("C:/Program Files (x86)/nxlog/data/nxlog_output.log", $raw_event);
</Output>

<Route 1>
    Path internal, eventlog => buffer => out
</Route>

Now replace the placeholders in the configuration above:

STREAM_TOKEN: replace it with the Cloudlytics stream token shown to you when the stream was created.

TAGS: replace them with suitable tags.

  4. After changing the config file, save it.
  5. Restart NXLog: open the Services tool from the Start menu, find nxlog in the list, and restart the service.
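The steps above can be scripted so that the placeholders are filled in, the configuration is verified before the service is touched, and startup errors are surfaced immediately. The following PowerShell script is an added example written for this page, not Cloudlytics' or NXLog's own tooling. It assumes the configuration shown above has already been written to nxlog.conf with the <STREAM_TOKEN>, TAGS,TAGS and <COLLECTOR_HOST> placeholders left in place; the collector address ($CollectorHost) is a hypothetical parameter because the page does not give one, and the service name nxlog, the nxlog.exe -v (verify configuration) and -c (config file) switches, and Test-NetConnection (Windows 8/2012 and later) are standard NXLog and Windows features.

```powershell
# Added example (not from the original page): fill placeholders, verify, restart, check.
param(
    [Parameter(Mandatory = $true)] [string] $StreamToken,    # Cloudlytics stream token
    [Parameter(Mandatory = $true)] [string] $Tags,           # e.g. "windows,eventlog"
    [Parameter(Mandatory = $true)] [string] $CollectorHost,  # hypothetical: collector address, not given on the page
    [int] $CollectorPort = 12345                             # Port from the Output block above
)

$ErrorActionPreference = 'Stop'
$root = 'C:\Program Files (x86)\nxlog'
$conf = Join-Path $root 'conf\nxlog.conf'
$log  = Join-Path $root 'data\nxlog.log'

# 1. Keep a backup so a bad edit can be rolled back.
Copy-Item -Path $conf -Destination "$conf.bak" -Force

# 2. Substitute the placeholders used in the configuration on this page.
#    The Exec line reads:  Exec $raw_event = "<STREAM_TOKEN>:TAGS,TAGS " + $raw_event;
$text = Get-Content -Path $conf -Raw
$text = $text.Replace('<STREAM_TOKEN>', $StreamToken)
$text = $text.Replace('TAGS,TAGS', $Tags)
$text = $text.Replace('<COLLECTOR_HOST>', $CollectorHost)
Set-Content -Path $conf -Value $text -Encoding ASCII

# 3. Let nxlog verify the file syntax before the running service is restarted;
#    restore the backup if it is rejected.
$verify = & (Join-Path $root 'nxlog.exe') -v -c $conf 2>&1
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path "$conf.bak" -Destination $conf -Force
    throw "nxlog rejected the configuration, backup restored:`n$verify"
}

# 4. Check that the collector port answers; if not, events queue in the disk buffer.
$probe = Test-NetConnection -ComputerName $CollectorHost -Port $CollectorPort -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    Write-Warning "TCP ${CollectorHost}:${CollectorPort} is not reachable; events will wait in the 100MB disk buffer"
}

# 5. Restart the service (step 5 above) and wait for it to come back.
Restart-Service -Name nxlog
(Get-Service -Name nxlog).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))

# 6. Show any ERROR or WARNING lines nxlog wrote while starting up.
Start-Sleep -Seconds 5
Get-Content -Path $log -Tail 50 | Select-String -Pattern 'ERROR|WARNING'
```

Run it from an elevated PowerShell prompt, since both writing under Program Files and restarting the service need administrator rights. Note that om_tcp sends the JSON events as plain TCP; NXLog ships an om_ssl output module (the CERTDIR define above is where its certificates would live) for deployments that need the transport encrypted.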

