Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Overview

NXLOG is used to process the collected information from Windows event logs and forward these logs to the OTM CCE.

...

Ref. link: https://docs.nxlog.co/userguide/configure/overview.html

Pre-requisite

  • Login on collector/AD computer.

  • Download the latest version of nxlogNXLog Community Edition. It is easiest to choose the Windows msi MSI file which includes an installer. Use the link below for the community edition:

    http://nxlog.org/products/nxlog-community-edition/download    

...

Download - NXLog Community Edition 

...

  

...

Steps Of Configuration

  • Open the Nxlog configuration file at :

...

  • Run notepad or notepad++ with the administrative rights.

  • Open the nxlog.conf file.

  • Replace the configuration file by pasting the following - Note to replace the variable (IP Address of Seceon Collector) mentioned in point 52 below with the actual Seceon Server IP address:

...

 net stop nxlog

 net start nxlog

  1. Click on: NXlog

...

2. Click on : Stop

...

3. Click on : start

...

Repeat this for all policies one by one.

Enable audit logs:  Windows- Enable Audit Logs/Poli/wiki/spaces/PP/pages/445612089cies

  • Open Command Prompt, once policies are enabled, and run the command gpupdate /force, to validate that the policies are enabled.

...

Verification

Can validate the success of configuration either on UI or on CCE server.

...

  • Verification Through CCE server

“sudo tcpdump -i any host port 5154 and host <IP address> -AAA” command should be ran on CCE server to check wheather or not we are getting logs .