To send Windows events to the Log Sink, you can use a third-party tool such as NXLog to forward events.
- Download the NXLog CE (3.1.2319)
- On your Windows System run the nxlog-ce-3.1.2319.msi and install it as default
- Open the
C:\Program Files\nxlog\conf\nxlog.conf - Modify the content as:
Panic Soft#NoFreeOnExit TRUEdefine ROOT C:\Program Files\nxlogdefine CERTDIR %ROOT%\certdefine CONFDIR %ROOT%\conf\nxlog.ddefine LOGDIR %ROOT%\datainclude %CONFDIR%\\*.confdefine LOGFILE %LOGDIR%\nxlog.logLogFile %LOGFILE%Moduledir %ROOT%\modulesCacheDir %ROOT%\dataPidfile %ROOT%\data\nxlog.pidSpoolDir %ROOT%\data
<Extension _syslog> Module xm_syslog</Extension><Extension _charconv> Module xm_charconv AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32</Extension><Extension _exec> Module xm_exec</Extension><Extension _fileop> Module xm_fileop <Schedule> Every 1 hour Exec if (file_exists('%LOGFILE%') and (file_size('%LOGFILE%') >= 5M)) file_cycle('%LOGFILE%', 8); </Schedule> <Schedule> When @weekly Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8); </Schedule></Extension>
<Input WindowsEvents> Module im_msvistalog</Input>
<Output LogSink># Use om_tcp if Log Sink listen in TCP mode Module om_udp# Set here the Log Sink address Host 192.168.1.12 Port 514 Exec to_syslog_snare();</Output>
<Route 1> Path WindowsEvents=> LogSink</Route>
- After editing the file restart the NXLog service.