...
The following link provides additional information: https://msdn.microsoft.com/en-us/library/cc722010.aspx
Now, the collector setup is done, please
1.Forward logs from the other sources on this collector. Follow the steps in the article using the link below on source computers:
Event forwarding from Source Windows Computers
2. Now, configure Nxlog on the collector, using the steps in the article using the link below:
Note: If the AD machine is configured as the collector then you need to enable audit logs only on the AD machine. If the case is otherwise(any endpoint is configured as the collector), then you need to enable audit logs on each of the computers added in the subscriptions separately.
3. Steps to enable audit logs are given in the article from the link below: