NXLOG is used to process the collected information and send it on to the OTM CCE.
...
Replace the entire configuration file by pasting the following Below – Note to replace the variable (IP Address of Seceon Collector) with the actual Seceon Server IP address:
| Code Block |
|---|
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _json>
Module xm_json
</Extension>
define aisiem \
258, 259, 260, 261, 262, 531, 532, 533, 534, 535, 536, 537, 538, 539, 540, \
551, 552, 675, 676, 677, 679, 680, 681, 682, 683, 4624, 4625, 4634, 4647, \
4649, 4656, 4659, 4661, 4663, 4720, 4722, 4725, 4726, 4727, 4728, 4729, 4730, \
4731, 4732, 4733, 4734, 4735, 4737, 4738, 4740, 4741, 4742, 4743, 4744, 4745, \
4748, 4749, 4750, 4751, 4752, 4753, 4754, 4755, 4756, 4758, 4759, 4760, 4762, \
4763, 4764, 4771, 4772, 4773, 4775, 4777, 4778, 4779, 4782, 4785, 4786, 4787, \
4788, 4793, 4794, 4797, 5140, 5142, 5143, 5144, 5145
<Input in>
Module im_msvistalog
Query <QueryList>\
<Query Id="0">\
<Select Path="Security">* </Select>\
<Select Path="Application">* </Select>\
<Select Path="Setup">* </Select>\
<Select Path="System">* </Select>\
</Query>\
</QueryList>
<Exec>
if ($EventID NOT IN (%aisiem%)) drop();
</Exec>
</Input>
<Output out>
Module om_udp
Host IP Address of Seceon Collector Host CCE_IP_ADDRESS
Port 5154
Exec to_json();
</Output>
<Route 1>
Path in => out
</Route> |
...