1.IMPORTANCE
2.STEPS OF CONFIGURATION
3.VERIFICATION
IMPORTANCE
NXLOG is used to process the collected information from Windows event logs and forward these logs on to the OTM CCE.
STEPS OF CONFIGURATION:-
Login on collector/AD computer.
Download the latest version of nxlog. It is easiest to choose the Windows msi file which includes an installer. Use the link below for the community edition:
...
Open the nxlog.conf file in notepad .
Replace the configuration file by pasting the following - Note to replace the variable (
IP Address of Seceon Collector
) mentioned in point 52 below with the actual Seceon Server IP address:
...
Click on: Local Policies
...
Click on: audit PoilicyPolicy
...
Click on Success and failure checkbox >>apply >>ok .
...
Enable audit logs: Windows- Enable Audit Logs/Policies
Open Command Prompt , once policies are enabled , and run the command gpupdate /force , to validate that the policies are enabled .
...
VERIFICATION:-
Can validate the success of configuration either on UI or on CCE server.
...