Windows System Log Data

In this example we'll cover how to install, configure, and use NXLog to forward Windows Event Logs into Logscape. Once Windows events are imported you can visualise Windows system activity and the activity of any Windows application that writes to the Windows Event Log (Security, System, Application and the application-specific channels).


NXLog streams the events to the Logscape Cloud as they are written, and the Windows Event Workspaces in Logscape let you search and analyse all of your Windows event data.

Configuring your Windows System

1) Download and install NXLog

NXLog is a Windows service that collects, aggregates and forwards log data, and it reads the Windows Event Log natively. The Community Edition is available for free from the NXLog website; install it with the defaults.


2) Locate and edit nxlog.conf

The configuration file is %NXLOG_HOME%\conf\nxlog.conf (by default under C:\Program Files (x86)\nxlog on 64-bit Windows). Replace its contents with the following configuration to stream your Windows Event Logs to Logscape.

# Set ROOT to the folder NXLog is installed in. The 32-bit installer uses
# "Program Files (x86)" on 64-bit Windows and "Program Files" on 32-bit Windows:
# on a 32-bit machine uncomment the first define and comment out the second.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# xm_json provides to_json(), used below to serialise each event record.
<Extension json>
    Module      xm_json
</Extension>

<Input in_winevents>
    # Windows Vista / Server 2008 and later use the modern Event Log API:
    Module      im_msvistalog
    # For Windows 2003 and earlier use the legacy API instead:
    # Module      im_mseventlog

    # Serialise the whole event record (channel, EventID, timestamps, message, ...)
    # to JSON, then prefix it with the Logscape account token and a tag. The
    # prefixed line in $raw_event is what is sent to the collector.
    Exec        $Message = to_json(); $raw_event = "LOGSCAPETOKEN:YOUR_TOKEN_HERE LOGSCAPETAG:winevts " + $Message;
</Input>

# Plain TCP to the Logscape collector. om_tcp is unencrypted, so the token and
# the event contents travel in cleartext between this host and the collector.
<Output out>
    Module      om_tcp
    Host        collector.logscape.com
    Port        9991
</Output>

<Route 1>
    Path        in_winevents => out
</Route>

NOTE: Replace YOUR_TOKEN_HERE with your own token, which can be found on the account management page. The token is an account credential: anyone who can read nxlog.conf or observe the TCP stream can submit events under your account, so keep the file's permissions restricted to administrators and the service account rather than the default Program Files ACL, which is readable by all local users.

3) Restart the NXLog service.

Restart the NXLog service (named nxlog) from the Services console or an elevated prompt so that it loads the new configuration. If it fails to start, or starts but sends nothing, the reason is recorded in %ROOT%\data\nxlog.log (the LogFile set above); a syntax error in nxlog.conf is the usual cause.

4) Confirm connectivity.

Open the Windows Event dashboard in Logscape and confirm that events tagged winevts from the host are arriving. Allow a minute or two for the first events, and check that outbound TCP to collector.logscape.com on port 9991 is permitted by any host or perimeter firewall if nothing appears.
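The steps above can be checked end to end from an elevated PowerShell prompt. The script below is an added example, not part of the Logscape page or of NXLog itself: it refuses to restart while the token placeholder is still in the file, syntax-checks the configuration with nxlog.exe -v, restarts the service, tests that the collector port is reachable, writes a test event with eventcreate (which registers its event source on first use), and then confirms that the nxlog process holds an established TCP session to the collector. It assumes the default 32-bit install path, the service and process name nxlog, the collector and port from the configuration above, and Windows 8 / Server 2012 or later for Test-NetConnection and Get-NetTCPConnection.

```powershell
# Added example (not from the Logscape page or the NXLog project).
# Assumptions: NXLog under C:\Program Files (x86)\nxlog, service/process named "nxlog",
# collector collector.logscape.com:9991 as in nxlog.conf above, Windows 8 / 2012 or later.
# Run from an elevated PowerShell prompt.

$nxlogRoot = 'C:\Program Files (x86)\nxlog'   # change for a 32-bit Windows install
$nxlogExe  = Join-Path $nxlogRoot 'nxlog.exe'
$conf      = Join-Path $nxlogRoot 'conf\nxlog.conf'
$log       = Join-Path $nxlogRoot 'data\nxlog.log'
$collector = 'collector.logscape.com'
$port      = 9991

# 1. Never ship the placeholder token: events would be rejected or mis-attributed.
if (Select-String -Path $conf -Pattern 'YOUR_TOKEN_HERE' -Quiet) {
    throw "nxlog.conf still contains YOUR_TOKEN_HERE; set your account token first."
}

# 2. Syntax-check the configuration before touching the running service.
& $nxlogExe -v -c $conf
if ($LASTEXITCODE -ne 0) { throw "nxlog.conf failed verification (exit code $LASTEXITCODE)" }

# 3. Restart the service and wait for it to report Running.
Restart-Service -Name nxlog -Force
(Get-Service -Name nxlog).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))

# 4. Is the collector reachable from this host at all (firewall/DNS check)?
$tnc = Test-NetConnection -ComputerName $collector -Port $port
if (-not $tnc.TcpTestSucceeded) { throw "TCP to ${collector}:${port} is blocked or the collector is down" }

# 5. Write a recognisable test event to the Application log so there is
#    something specific to search for in the Logscape dashboard.
$stamp = Get-Date -Format o
eventcreate /ID 1000 /L APPLICATION /T INFORMATION /SO LogscapeTest /D "Logscape NXLog connectivity test $stamp" | Out-Null

# 6. Confirm that nxlog.exe itself holds an established session to the collector
#    and surface any errors or warnings it logged during start-up.
Start-Sleep -Seconds 5
$nxlogPids = (Get-Process -Name nxlog -ErrorAction Stop).Id
$conn = Get-NetTCPConnection -RemotePort $port -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.OwningProcess -in $nxlogPids }
if ($conn) {
    "nxlog connected: $($conn.LocalAddress):$($conn.LocalPort) -> $($conn.RemoteAddress):$($conn.RemotePort)"
} else {
    Write-Warning "no established connection from nxlog to port $port; see $log"
}
Get-Content -Path $log -Tail 20 | Select-String -Pattern 'ERROR|WARNING'
```

After running it, search the Windows Event dashboard for the LogscapeTest source and the timestamp you just wrote; if the connection check passes but the event never appears, the token or tag in nxlog.conf is the next thing to verify.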