Log Forwarding > Operating Systems > Microsoft Windows Server using NXLog
MICROSOFT WINDOWS SERVER
Instructions for forwarding Microsoft Windows Server logs to your Log Management device using NXLog
Microsoft Windows Server
- NXLog Community or Enterprise Edition
- Credentials to access the Windows Server
Clone Systems Log Management Device
- The IP Address for the Clone Systems Log Management device
An additional third party agent is required to configure your Microsoft Windows Server to send syslog.
The following instructions will detail how to configure the open source NXLog Community Edition agent.
Navigate a browser to the NXLog Community Edition download page.
Locate the Windows version and download the MSI installer file to your server.
Once the file has successfully downloaded, navigate to the downloaded file by clicking the View Downloads button and then Run the NXLog Community Edition MSI installer.
On the Welcome to the nxLog-CE Setup Wizard step, click the Next button.
On the End-User License Agreement step, click the I accept the terms in the License Agreement checkbox and then click the Next button.
On the Destination Folder step, customize the installation directory, if desired, then click the Next button.
Note: If you chose a custom installation directory, please note the path as you will need to make a modification to the NXLog configuration file.
On the Ready to install NXLog-CE step, click the Install button.
On the Completed the NXLog-CE Setup Wizard step, click the Finish button and the README.txt file will be opened in Notepad.
Next, we need to edit the NXLog configuration file to configure the log forwarding.
The default location for the NXLog configuration file is: C:\Program Files (x86)\nxlog\conf\nxlog.conf
Note: If you chose a custom installation directory, you will need to navigate to that directory to locate the NXLog configuration file. You will also need to update the ROOT directory specified in the configuration file before the NXLog service will start.
Edit, the NXLog configuration file using an editor, such as Notepad, and paste the following configurations detailed in this section to the bottom of the NXLog configuration file.
Note: In the <Output tcp> section, replace the Host setting with the IP Address of SIEM / Log Collector and exclude the <brackets>.
EXAMPLE: Host 10.1.1.1
# Windows Event Log
Host <IP Address of SIEM / Log Collector without <brackets> >
Path eventlog => tcp
Save the NXLog configuration file.
Open the Services tool in the Windows Start menu, find the service named nxlog in the list, and then Start the service.
Start the Services tool by clicking the Windows Start button and entering services.msc in the Search programs and files field and then click the Enter button.