NXLOG Config for Windows 10

Veröffentlicht am September 9, 2019

I use Graylog in my Environment for centralized logging infrastructure.

and while I playing at this time a lot of with VMware Horizon 7.9 I also created a new Windows 10 Master image with UEM etc. and I want to send all windows 10 instant clone logs to my existing Graylog infra.

So for windows logging there is at this time only NXLog for doing this job really great.

In case you need a working configuration here is mine:

Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files (x86)\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf
define LOGDIR   %ROOT%\data
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data


######################################################
############## Extensions ############################

<Extension gelf>
    Module      xm_gelf
</Extension>
########## INPUTS ###########
<Input eventlogs>
    Module      im_msvistalog
# For windows 2003 and earlier use the following:
#   Module      im_mseventlog

</Input>
########################################
################# OUTPUTS ##############
<Output out>
    Module      om_tcp    
    Host        log.XXXXX.int
    Port        12201
    #Exec       to_syslog_snare();
    OutputType  GELF_TCP

</Output>
#######################################
#################### ROUTE  ###########
<Route eventlogs>
    Path        eventlogs => out
</Route>

The input in Graylog looks so:

and here you see an example extracted message in Graylog

I hope it helps someone!

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

© 2011-2019 SJT CONSULTING – Alle Rechte vorbehalten. | Datenschutz | Impressum