Overview
This document describes how to configure the collection of Windows events.
To export events from Windows machines/servers, we use a third-party agent called "Nxlog".
...
Windows servers generate two types of events:
Type 1: Windows Native Events
Type 2: Windows-based Application Events
Type 1: Windows Native Events -
For these, either of the two event collection methods (Method 1 or Method 2 below) can be used. Examples: OS events, Audit events(/wiki/spaces/PP/pages/445612089), and Driver Framework events such as USB events, CD drive events etc.(/wiki/spaces/RB/pages/4227200).
Type 2: Windows-based Application events -
For application events, Method 1 of event collection must be used: the nxlog agent runs on the server itself, reads the events from the application's own log location and forwards them to the CCEs. Examples: MSSQL, DNS, DHCP, IIS, MsExchange and SMTP.
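The following nxlog.conf is an added example for Method 1 (agent on the same server), not a configuration taken from this page or from the Nxlog project. It collects both event types from one host: Type 1 native events through the Windows Event Log API (im_msvistalog) and Type 2 application events from a log file that only exists on disk (im_file reading IIS W3C logs), and forwards both to a collector over TLS. The install path, the collector host and port, the CA file path, the IIS log path and the W3C field list are assumptions for illustration; adjust them to the server being configured.

```nxlog
# Added example nxlog.conf for Method 1: agent on the monitored Windows server.
# Paths, hostnames and ports below are assumptions, not values from the wiki.
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension _json>
    Module  xm_json
</Extension>

# Type 1: Windows native events (OS, audit, driver framework) read from the
# Security, System and Application channels via the Event Log API.
# SavePos keeps the read position across agent restarts so events are not
# replayed or lost; ReadFromLast FALSE replays the existing backlog on first start.
<Input win_native>
    Module        im_msvistalog
    SavePos       TRUE
    ReadFromLast  FALSE
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Application">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
    Exec  $SourceType = "windows_native";
</Input>

# Type 2: application events that only exist as files, here IIS W3C access logs.
# The field list is an assumed W3C layout; it must match the "#Fields:" header
# of the actual IIS site, otherwise parse_csv() maps columns to the wrong names.
<Extension w3c>
    Module      xm_csv
    Fields      $date, $time, $s_ip, $cs_method, $cs_uri_stem, $cs_uri_query, $s_port, $cs_username, $c_ip, $cs_user_agent, $cs_referer, $sc_status, $sc_substatus, $sc_win32_status, $time_taken
    FieldTypes  string, string, string, string, string, string, integer, string, string, string, string, integer, integer, integer, integer
    Delimiter   ' '
</Extension>

<Input iis_w3c>
    Module   im_file
    File     'C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log'
    SavePos  TRUE
    # Header lines start with '#'; drop them instead of parsing them as records.
    Exec  if $raw_event =~ /^#/ drop(); else { w3c->parse_csv(); $EventTime = parsedate($date + " " + $time); $SourceType = "iis"; }
</Input>

# Ship to the collector over TLS. om_tcp would send security logs in cleartext;
# om_ssl with a pinned CA and AllowUntrusted FALSE prevents a rogue collector
# from harvesting or tampering with the stream. Host, port and CA path are assumed.
<Output to_collector>
    Module          om_ssl
    Host            collector.example.internal
    Port            6514
    CAFile          %ROOT%\cert\collector-ca.pem
    AllowUntrusted  FALSE
    Exec  to_json();
</Output>

<Route method1>
    Path  win_native, iis_w3c => to_collector
</Route>
```

Before enabling the service, confirm the file parses with `nxlog.exe -f -c "C:\Program Files (x86)\nxlog\conf\nxlog.conf"` (foreground mode) and watch %ROOT%\data\nxlog.log for certificate or path errors; the agent will start even if an input is misconfigured, so a silent gap in the Security channel is easy to miss.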
B.Methods of Event Collection from Windows -
...
- Nxlog Agent configured on the same server
- Nxlog Agent configured on a collector setup
Both methods are described below:
Method 1: Nxlog Agent configured on the same server:
In this case, the Nxlog configuration is done on the same server from which the events are forwarded. In the case of nxlog configuration from:
...