1. IMPORTANCE
2. STEPS OF CONFIGURATION
3. VERIFICATION
IMPORTANCE
NXLog processes the information collected from Windows event logs and forwards these logs to the OTM CCE.
STEPS OF CONFIGURATION:-
Log in to the collector/AD computer.
Download the latest version of NXLog. The easiest option is the Windows MSI file, which includes an installer. Use the link below for the community edition:
http://nxlog.org/products/nxlog-community-edition/download
...
Open the NXLog configuration file at:
...
Open the nxlog.conf file in Notepad.
Replace the contents of the configuration file by pasting the following. Note: replace the variable (IP Address of Seceon Collector) mentioned in point 52 below with the actual Seceon Server IP address:
...
net stop nxlog
net start nxlog
Click on:
...
NXlog
...
2. Click on: Stop
...
3. Click on: Start
...
Search for Local Policies in the search box again.
...
Click on: Local Policies
...
Click on: Audit Policy
...
Select the Success and Failure checkboxes >> Apply >> OK.
...
Repeat this for all policies one by one.
Enable audit logs: Windows - Enable Audit Logs/Policies
Once the policies are enabled, open Command Prompt and run the command gpupdate /force to validate that the policies are enabled.
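A local check that can follow the gpupdate step, reading back the effective audit policy and the state of the nxlog service (an added example, not part of the original page). It assumes an elevated PowerShell prompt and English-language Windows, since the setting names printed by auditpol are localized; Get-AuditGap is a hypothetical helper name.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Get-AuditGap is a hypothetical helper, not part of NXLog or Windows.
function Get-AuditGap {
    param([string[]]$CsvLines)
    # auditpol /r emits CSV with a blank line after the header; drop empty lines first.
    $CsvLines |
        Where-Object { $_ -and $_.Trim() } |
        ConvertFrom-Csv |
        Where-Object { $_.'Inclusion Setting' -ne 'Success and Failure' } |
        Select-Object Subcategory, 'Inclusion Setting'
}

# 1. The service restarted earlier with "net stop nxlog" / "net start nxlog" should be running.
$svc = Get-Service -Name nxlog -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning 'The nxlog service is not installed on this computer.'
} elseif ($svc.Status -ne 'Running') {
    Write-Warning "The nxlog service is $($svc.Status); no events will be forwarded."
} else {
    Write-Output 'The nxlog service is running.'
}

# 2. Read back the effective audit policy in CSV form and list every
#    subcategory that is not auditing both Success and Failure.
$report = auditpol /get /category:* /r
if ($LASTEXITCODE -ne 0) {
    Write-Warning 'auditpol failed; confirm that the prompt is elevated.'
} else {
    $gaps = @(Get-AuditGap -CsvLines $report)
    if ($gaps.Count -eq 0) {
        Write-Output 'All audit subcategories are set to Success and Failure.'
    } else {
        Write-Warning "$($gaps.Count) subcategories are not auditing Success and Failure:"
        $gaps | Format-Table -AutoSize
    }
}
```

Any subcategory listed in the output is one whose events Windows will not fully record, so NXLog will have nothing to forward for it.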
VERIFICATION:-
You can validate the success of the configuration either on the UI or on the CCE server.
...