Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

NXLOG is used to process the collected information and send it on to the OTM CCE.

  • Login on collector/AD computer.

  • Download the latest version of nxlog. It is easiest to choose the Windows msi file which includes an installer. Use the link below:

    http://nxlog.org/products/nxlog-community-edition/download    

  • Open the Nxlog configuration file at:

        C:\Program Files (x86)\nxlog\conf\nxlog.conf

Replace the entire configuration file by pasting the following Below – Note to replace the variable (IP Address of Seceon Collector) with the actual Seceon Server IP address:

## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog

define ROOT C:\Program Files (x86)\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _json>    
  Module xm_json
</Extension>
define aisiem                                                                 \
258, 259, 260, 261, 262, 531, 532, 533, 534, 535, 536, 537, 538, 539, 540,    \
551, 552, 675, 676, 677, 679, 680, 681, 682, 683, 4624, 4625, 4634, 4647,     \
4649, 4656, 4659, 4661, 4663, 4720, 4722, 4725, 4726, 4727, 4728, 4729, 4730, \
4731, 4732, 4733, 4734, 4735, 4737, 4738, 4740, 4741, 4742, 4743, 4744, 4745, \
4748, 4749, 4750, 4751, 4752, 4753, 4754, 4755, 4756, 4758, 4759, 4760, 4762, \
4763, 4764, 4771, 4772, 4773, 4775, 4777, 4778, 4779, 4782, 4785, 4786, 4787, \
4788, 4793, 4794, 4797, 5140, 5142, 5143, 5144, 5145

<Input in>
      Module im_msvistalog
      Query <QueryList>\
                  <Query Id="0">\
                        <Select Path="Security">* </Select>\
                        <Select Path="Application">* </Select>\
                        <Select Path="Setup">* </Select>\
                        <Select Path="System">* </Select>\
                  </Query>\
            </QueryList>
            <Exec>
                  if ($EventID NOT IN (%aisiem%)) drop();
            </Exec>
</Input>

<Output out>    
  Module om_udp    
  Host CCE_IP_ADDRESS  
  Port 5154    
  Exec to_json();
</Output>

<Route 1>    
  Path in => out
</Route>

  • Restart nxlog from services or type the following at an elevated command prompt: 

 net stop nxlog

 net start nxlog

  • No labels

Seceon Inc. All rights reserved. https://www.seceon.com