Logging from Windows with nxlog

Using the nxlog utility (community edition), you can send Windows event logs to your lggr server over a secure (TLS) syslog connection.

You might want to use this example:

## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR C:\Program Files (x86)\nxlog\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension syslog>
Module      xm_syslog
</Extension>

<Input in>
Module      im_msvistalog
# For windows 2003 and earlier use the following:
#   Module      im_mseventlog
</Input>

<Output out>
Module      om_ssl
Host        your.logging.server
Port        5140
#CAFile      %CERTDIR%/cert-bundle.pem
CAFile      %CERTDIR%/cacert.pem
CertFile    %CERTDIR%/client-cert.pem
CertKeyFile %CERTDIR%/client-key.pem
KeyPass     yourPasswordOfTheKey
Exec        $Hostname = 'some local name';
Exec        to_syslog_bsd();
</Output>

<Route 1>
Path        in => out
</Route>
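
An added example, not part of the original post or of nxlog itself: a small Python check that parses nxlog's block syntax and flags weak TLS settings in `om_ssl` outputs before the config is deployed. The finding codes and the sample input are constructed for illustration; `AllowUntrusted` and `CADir` are om_ssl directives that the post's config does not use.

```python
import re

# Constructed sample: the page's Output block with CAFile commented out and two bad lines added.
SAMPLE = """\
<Output out>
Module      om_ssl
Host        your.logging.server
Port        5140
#CAFile      %CERTDIR%/cacert.pem
CertFile    %CERTDIR%/client-cert.pem
CertKeyFile %CERTDIR%/client-key.pem
KeyPass     yourPasswordOfTheKey
AllowUntrusted TRUE
Exec        $Hostname = \u2018some local name\u2019;
</Output>
"""

def parse_blocks(text):
    """Map (kind, name) -> [(directive, value)], skipping '#' comment lines."""
    blocks, current = {}, None
    for line in map(str.strip, text.splitlines()):
        opened = re.fullmatch(r"<(\w+)\s+(\S+)>", line)
        if opened:
            current = blocks.setdefault(opened.groups(), [])
        elif line.startswith("</"):
            current = None
        elif current is not None and line and not line.startswith("#"):
            key, value = re.match(r"(\S+)\s*(.*)", line).groups()
            current.append((key.lower(), value))  # keys compared case-insensitively (assumption)
    return blocks

def audit_ssl_outputs(text):
    """Return sorted (output name, finding code) pairs for om_ssl outputs."""
    findings = set()
    for (kind, name), directives in parse_blocks(text).items():
        conf = dict(directives)
        if kind.lower() != "output" or conf.get("module", "").lower() != "om_ssl":
            continue
        if "cafile" not in conf and "cadir" not in conf:
            findings.add((name, "NO_CA"))  # nothing to validate the server certificate against
        if conf.get("allowuntrusted", "FALSE").upper() != "FALSE":
            findings.add((name, "ALLOW_UNTRUSTED"))  # certificate verification switched off
        if "keypass" in conf:
            findings.add((name, "PLAINTEXT_KEYPASS"))  # passphrase readable by anyone who can read the file
        if any(re.search("[\u2018\u2019\u201c\u201d]", v) for _, v in directives):
            findings.add((name, "SMART_QUOTES"))  # copy-paste damage; not valid string delimiters
    return sorted(findings)

if __name__ == "__main__":
    print(audit_ssl_outputs(SAMPLE))
```

With the config as posted (CAFile set, no AllowUntrusted, straight quotes), the only finding left is `PLAINTEXT_KEYPASS`, so the ACLs on `nxlog.conf` and the cert directory are what protect the client key.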



Comments

One response to “Logging from windows with nxlog”

  1. A nice comment via reddit from https://www.reddit.com/user/Blahbl4hblah:

    Remember…you can centralize your windows logs on a spare server with Event Forwarding. If you need to go from eventlog to syslog, do it there.

    https://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx