Valid From: 2/22/2019

Updated on: 10/10/2019

NXLog reads the Windows event logs on the collector, keeps only the event IDs Seceon needs (the aisiem list in the configuration below), and forwards them as JSON over UDP to the OTM CCE on the Seceon server.

  • Log in to the collector/AD computer with an account that has local administrator rights (needed to write under Program Files and to restart the service).

  • Download the latest NXLog Community Edition. The Windows .msi package includes an installer and is the easiest option; use the link below:

    http://nxlog.org/products/nxlog-community-edition/download

  • Open the NXLog configuration file in an editor run as administrator:

        C:\Program Files (x86)\nxlog\conf\nxlog.conf

Replace the entire contents of the file with the configuration below. Before saving, replace the placeholder <CCE IP Address> on the Host line with the actual IP address of the Seceon server (the OTM CCE):

    ## This is a sample configuration file. See the nxlog reference manual about the
    ## configuration options. It should be installed locally and is also available
    ## online at http://nxlog.org/docs/

    ## Please set the ROOT to the folder your nxlog was installed into,
    ## otherwise it will not start.

    #define ROOT C:\Program Files\nxlog
    define ROOT C:\Program Files (x86)\nxlog

    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data
    LogFile %ROOT%\data\nxlog.log

    <Extension _json>
      Module xm_json
    </Extension>

    ## Windows Event IDs forwarded to the CCE; every other event is dropped in the Input block
    define aisiem                                                                 \
    258, 259, 260, 261, 262, 531, 532, 533, 534, 535, 536, 537, 538, 539, 540,    \
    551, 552, 675, 676, 677, 679, 680, 681, 682, 683, 4624, 4625, 4634, 4647,     \
    4649, 4656, 4659, 4661, 4663, 4720, 4722, 4725, 4726, 4727, 4728, 4729, 4730, \
    4731, 4732, 4733, 4734, 4735, 4737, 4738, 4740, 4741, 4742, 4743, 4744, 4745, \
    4748, 4749, 4750, 4751, 4752, 4753, 4754, 4755, 4756, 4758, 4759, 4760, 4762, \
    4763, 4764, 4771, 4772, 4773, 4775, 4777, 4778, 4779, 4782, 4785, 4786, 4787, \
    4788, 4793, 4794, 4797, 5140, 5142, 5143, 5144, 5145

    <Input in>
      Module im_msvistalog
      Query <QueryList>\
              <Query Id="0">\
                <Select Path="Security">*</Select>\
                <Select Path="Application">*</Select>\
                <Select Path="Setup">*</Select>\
                <Select Path="System">*</Select>\
              </Query>\
            </QueryList>
      <Exec>
        if ($EventID NOT IN (%aisiem%)) drop();
      </Exec>
    </Input>

    <Output out>
      Module om_udp
      ## Replace <CCE IP Address> with the IP address of the Seceon server (OTM CCE)
      Host <CCE IP Address>
      Port 5154
      Exec to_json();
    </Output>

    <Route 1>
      Path in => out
    </Route>
  • Restart NXLog from the Services console, or type the following at an elevated command prompt:

        net stop nxlog
        net start nxlog

    Then check C:\Program Files (x86)\nxlog\data\nxlog.log (the LogFile set above) for configuration errors. om_udp sends the events unencrypted and without acknowledgement, so also confirm that outbound UDP port 5154 to the Seceon server is allowed by the Windows Firewall and by any network firewall in between; otherwise events are silently lost.
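The steps above done as one repeatable PowerShell deployment, as an added example that is not part of the Seceon page or of NXLog's own tooling. It validates the CCE IP address, backs up the current nxlog.conf, writes the configuration above with the Host line filled in, syntax-checks it with nxlog.exe -v before restarting the service, shows the tail of nxlog.log, and counts how many recent Security events the aisiem allowlist would actually forward. It assumes NXLog CE is installed under C:\Program Files (x86)\nxlog, the Windows service is named "nxlog", nxlog.exe -v returns a non-zero exit code on a parse error, and the script runs in an elevated session.

```powershell
<#
  Added example (not code from the Seceon page or from NXLog). Deploys the nxlog.conf
  shown above with the CCE address filled in, verifies it, restarts the service and
  checks that events the allowlist keeps actually exist on this host.
  Assumptions: NXLog CE under C:\Program Files (x86)\nxlog, service name "nxlog",
  "nxlog.exe -v" exits non-zero on a parse error, elevated PowerShell session.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true)][string]$CceIp,        # Seceon server (OTM CCE) IP
    [string]$NxlogRoot = 'C:\Program Files (x86)\nxlog',
    [int]$Port = 5154
)
$ErrorActionPreference = 'Stop'

# 1. Accept only a well-formed IPv4 address: a typo here silently blackholes the UDP stream.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($CceIp, [ref]$parsed) -or
    $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
    throw "'$CceIp' is not a valid IPv4 address"
}

$confPath = Join-Path $NxlogRoot 'conf\nxlog.conf'
$exePath  = Join-Path $NxlogRoot 'nxlog.exe'
$logPath  = Join-Path $NxlogRoot 'data\nxlog.log'
if (-not (Test-Path $exePath)) { throw "nxlog.exe not found under $NxlogRoot" }

# Same allowlist as the page's 'define aisiem'.
$aisiem = @(
    258,259,260,261,262,531,532,533,534,535,536,537,538,539,540,551,552,675,676,677,
    679,680,681,682,683,4624,4625,4634,4647,4649,4656,4659,4661,4663,4720,4722,4725,
    4726,4727,4728,4729,4730,4731,4732,4733,4734,4735,4737,4738,4740,4741,4742,4743,
    4744,4745,4748,4749,4750,4751,4752,4753,4754,4755,4756,4758,4759,4760,4762,4763,
    4764,4771,4772,4773,4775,4777,4778,4779,4782,4785,4786,4787,4788,4793,4794,4797,
    5140,5142,5143,5144,5145
)
$defineLine = 'define aisiem ' + ($aisiem -join ', ')

# 2. Keep a timestamped copy of whatever is there now so a bad deploy can be rolled back.
if (Test-Path $confPath) {
    Copy-Item $confPath ("$confPath." + (Get-Date -Format 'yyyyMMddHHmmss') + '.bak')
}

# 3. Render the configuration. `$EventID is escaped so PowerShell leaves it for NXLog.
$conf = @"
define ROOT $NxlogRoot

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _json>
  Module xm_json
</Extension>

$defineLine

<Input in>
  Module im_msvistalog
  Query <QueryList>\
          <Query Id="0">\
            <Select Path="Security">*</Select>\
            <Select Path="Application">*</Select>\
            <Select Path="Setup">*</Select>\
            <Select Path="System">*</Select>\
          </Query>\
        </QueryList>
  <Exec>
    if (`$EventID NOT IN (%aisiem%)) drop();
  </Exec>
</Input>

<Output out>
  Module om_udp
  Host $CceIp
  Port $Port
  Exec to_json();
</Output>

<Route 1>
  Path in => out
</Route>
"@
Set-Content -Path $confPath -Value $conf -Encoding ASCII   # ASCII: no BOM for NXLog to trip on

# 4. Syntax-check the new file before touching the service.
& $exePath -v -c $confPath
if ($LASTEXITCODE -ne 0) { throw "nxlog rejected $confPath; the previous file is in the .bak copy" }

# 5. Restart and look for errors the service writes about its own startup.
Restart-Service -Name nxlog
Start-Sleep -Seconds 3
$tail = Get-Content $logPath -Tail 20
$tail
if ($tail -match 'ERROR') { Write-Warning "errors found in $logPath, see above" }

# 6. Sanity check: of the last 500 Security events, how many pass the allowlist?
#    Filtering client-side sidesteps the limit on how many IDs one Get-WinEvent query accepts.
$recent = @(Get-WinEvent -FilterHashtable @{LogName = 'Security'} -MaxEvents 500)
$kept   = @($recent | Where-Object { $aisiem -contains $_.Id })
"{0} of {1} recent Security events match the aisiem allowlist" -f $kept.Count, $recent.Count
```

Run it as `.\Deploy-NxlogSeceon.ps1 -CceIp <IP address of Seceon Server>` from an elevated prompt. A count of zero in the last step on a domain controller usually means audit policy is not generating the logon and account-management events (4624, 4720 and so on) at all, which no NXLog configuration can fix; it needs to be addressed in the audit policy before the CCE will see anything useful.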