Table of Contents |
---|
Overview
NXLOG is used to process the collected information from Windows event logs and forward these logs to the OTM CCE.
...
Ref. link: https://docs.nxlog.co/userguide/configure/overview.html
Pre-requisite
Login on collector/AD computer.
Download the latest version of nxlogNXLog Community Edition. It is easiest to choose the Windows msi MSI file which includes an installer. Use the link below for the community edition:
http://nxlog.org/products/nxlog-community-edition/download
...
Download - NXLog Community Edition
...
...
Steps Of Configuration
Open the Nxlog configuration file at :
...
Run notepad or notepad++ with the administrative rights.
Open the nxlog.conf file.
Replace the configuration file by pasting the following - Note to replace the variable (
IP Address of Seceon Collector
) mentioned in point 52 below with the actual Seceon Server IP address:
...
net stop nxlog
net start nxlog
Click on: NXlog
...
2. Click on : Stop
...
3. Click on : start
...
Repeat this for all policies one by one.
Enable audit logs: Windows- Enable Audit Logs/Poli/wiki/spaces/PP/pages/445612089cies
Open Command Prompt, once policies are enabled, and run the command gpupdate /force, to validate that the policies are enabled.
...
Verification
Can validate the success of configuration either on UI or on CCE server.
...
Verification Through CCE server
“sudo tcpdump -i any host port 5154 and host <IP address> -AAA” command should be ran on CCE server to check wheather or not we are getting logs .