IMPORTANCE
NXLog is used to process the information collected from Windows Event Logs and forward those logs on to the OTM CCE.
NXLog uses Apache-style configuration files. The configuration file is loaded from its default location, or it can be specified explicitly with the -c command-line argument.
The NXLog configuration file is composed of blocks and directives. Blocks are similar to XML tags and contain multiple directives. Directive names are not case-sensitive, but their arguments sometimes are.
Ref. link: https://docs.nxlog.co/userguide/configure/overview.html
STEPS OF CONFIGURATION
Log in to the collector/AD computer.
Download the latest version of NXLog. It is easiest to choose the Windows MSI file, which includes an installer. Use the link below for the Community Edition:
...
Run Notepad or Notepad++ with administrative rights.
Open the nxlog.conf file.
Replace the contents of the configuration file by pasting the following. Note: replace the variable (IP Address of Seceon Collector) mentioned in point 52 below with the actual Seceon server IP address:
...
Enable audit logs: Windows - Enable Audit Logs/Policies
Once the policies are enabled, open Command Prompt and run the command gpupdate /force to validate that the policies are enabled.
...
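The steps above (edit nxlog.conf as an administrator, point the output at the Seceon collector, restart, then run gpupdate /force) can be scripted. The following PowerShell script is an added example and is not the article's own configuration: the collector IP and port are placeholders supplied as parameters, syslog over UDP and the default 64-bit NXLog Community Edition install path are assumptions, and the Security/System/Application channel selection is illustrative. It shows the Apache-style layout described earlier: global directives first, then Extension, Input, Output and Route blocks.

```powershell
# Added example (not from the original article). Writes an NXLog CE configuration that
# forwards Windows Event Logs to a collector, restarts NXLog and re-applies Group Policy.
# Assumptions: collector IP/port are placeholders, syslog over UDP, default NXLog path.
param(
    [Parameter(Mandatory = $true)]
    [ipaddress]$CollectorIp,                  # placeholder: the Seceon collector IP
    [int]$CollectorPort = 514,                # assumed syslog port; confirm with the collector
    [string]$NxlogRoot = 'C:\Program Files\nxlog'  # assumed default 64-bit install path
)

$ErrorActionPreference = 'Stop'

# Writing nxlog.conf and restarting the service both require elevation, so fail early without it.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

$confPath = Join-Path $NxlogRoot 'conf\nxlog.conf'
if (-not (Test-Path $confPath)) {
    throw "nxlog.conf not found at $confPath; check the NXLog install path."
}

# Keep a timestamped backup so the previous configuration can be restored if needed.
Copy-Item -Path $confPath -Destination "$confPath.$(Get-Date -Format 'yyyyMMddHHmmss').bak"

# Apache-style NXLog configuration: global directives, then block sections.
$config = @"
define ROOT $NxlogRoot

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension _syslog>
    Module xm_syslog
</Extension>

# Read the Security, System and Application channels through the Windows Event Log API.
<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Application">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Send each event as BSD syslog over UDP to the collector (placeholder host/port).
<Output collector>
    Module om_udp
    Host   $CollectorIp
    Port   $CollectorPort
    Exec   to_syslog_bsd();
</Output>

<Route eventlog_to_collector>
    Path eventlog => collector
</Route>
"@

# Write the file as UTF-8 without a byte-order mark, which NXLog parses cleanly.
[IO.File]::WriteAllText($confPath, $config, (New-Object Text.UTF8Encoding $false))

# Restart the service so the new configuration is loaded.
Restart-Service -Name nxlog

# Re-apply Group Policy so the enabled audit policies take effect immediately.
gpupdate /force
```

Run it as `.\Deploy-NxlogForwarding.ps1 -CollectorIp <collector IP>` from an elevated prompt; if the collector expects TCP or a different port, change the om_udp module and Port directive in the here-string accordingly.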
VERIFICATION
The success of the configuration can be validated either in the UI or on the CCE server.
...
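Before checking the UI or the CCE server, it is worth confirming on the Windows host itself that the pipeline has something to forward. The following PowerShell checks are an added example, not part of the original article: they verify that the nxlog service is running, that NXLog's own log shows no recent errors, that the Security log is actually receiving events and that logon auditing is enabled, and that the collector (placeholder IP) is reachable. The NXLog install path is assumed to be the default.

```powershell
# Added example (not from the original article). Host-side verification that NXLog is
# running and has events to forward. Collector IP is a placeholder; NXLog path is assumed.
param(
    [Parameter(Mandatory = $true)]
    [ipaddress]$CollectorIp,                       # placeholder: the Seceon collector IP
    [string]$NxlogRoot = 'C:\Program Files\nxlog'  # assumed default 64-bit install path
)

$results = [ordered]@{}

# 1. Service state: nothing is forwarded if the service is stopped.
$svc = Get-Service -Name nxlog -ErrorAction SilentlyContinue
$results['nxlog service running'] = ($null -ne $svc -and $svc.Status -eq 'Running')

# 2. NXLog's own log reports configuration and connection problems as ERROR lines.
$logPath = Join-Path $NxlogRoot 'data\nxlog.log'
if (Test-Path $logPath) {
    $errors = @(Get-Content -Path $logPath -Tail 200 | Select-String -Pattern ' ERROR ')
    $results['no recent NXLog errors'] = ($errors.Count -eq 0)
    $errors | Select-Object -Last 5 | ForEach-Object { Write-Warning $_.Line }
} else {
    $results['no recent NXLog errors'] = $false
}

# 3. The Security channel must be producing events for there to be anything to forward
#    (reading it requires an elevated session).
$recent = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; StartTime = (Get-Date).AddHours(-1) } `
                       -MaxEvents 1 -ErrorAction SilentlyContinue
$results['security events in last hour'] = ($null -ne $recent)

# 4. Audit policy: logon/logoff auditing is the minimum for the Security log to carry sign-ins.
$auditOut = auditpol /get /category:"Logon/Logoff" 2>$null
$results['logon auditing enabled'] = [bool]($auditOut -match 'Success')

# 5. Network path: UDP syslog is connectionless, so at least confirm the collector answers ICMP.
$results['collector reachable'] = Test-Connection -ComputerName $CollectorIp -Count 1 -Quiet

# Print a compact pass/fail summary.
$results.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```

A FAIL on the audit-policy or Security-event checks points at the Windows audit configuration rather than NXLog, which is the usual reason a correctly configured forwarder still shows nothing on the collector side.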