Valid From: 2/22/2019
Updated on:310/0510/2019
NXLOG is used to process the collected information and send it on to the OTM CCE.1.1
- Login on collector/AD computer.
...
- Download
...
- the latest version of nxlog. It is easiest to choose the Windows msi file which includes an installer.
...
- Use the link below:
http://nxlog.org/products/nxlog-community-edition/download
...
- Open the Nxlog configuration file at:
C:\Program Files (x86)\nxlog\conf\nxlog.conf
...
- Replace the entire configuration file by pasting the following Below – Note to replace the variable ({IP address of Seceon Server}) with the actual Seceon Server IP address:
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _json>
Module xm_json
</Extension>
<Input in>
Module im_msvistalog
Query <QueryList>\
<Query Id="0">\
<Select Path="Security">* </Select>\
<Select Path="Application">* </Select>\
<Select Path="Setup">* </Select>\
<Select Path="System">* </Select>\
</Query>\
</QueryList>
</Input>
<Output out>
Module om_udp
Host
...
CCE IP Address
...
Port 5154
Exec to_json();
</Output>
<Route 1>
Path in => out
</Route>
...
...
- Restart nxlog from services or type the following at an elevated command prompt:
net stop nxlog
net start nxlog
...
- Enable audit logs: Windows- Enable Audit Logs/Policies