In this example we'll discuss how to install, configure, and use NXLog to get Windows Event logs into Logscape. Importing Windows events lets you visualize Windows system activity and any Windows application that publishes events to the Windows event logs.
The logs will then be streamed seamlessly into the Logscape Cloud. The Windows Event Workspaces are there so you can analyse all of your Windows event data.
NXLog is a service for aggregating and forwarding system log data, and it also supports Windows event logs. It is available for free from the NXLog community website.
Your config file can be found in the %NXLOG_HOME%\conf\ folder. Update it with the following config file to stream your Windows Event Logs.

    # For 32-bit machines, uncomment the line below and comment out the Program Files (x86) line
    #define ROOT C:\Program Files\nxlog
    define ROOT C:\Program Files (x86)\nxlog

    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data
    LogFile %ROOT%\data\nxlog.log

    <Extension json>
        Module xm_json
    </Extension>

    <Input in_winevents>
        # For Windows 2003 and earlier use the following:
        # Module im_mseventlog
        Module im_msvistalog
        # Serialize each event as JSON, then prefix it with the account token and tag
        Exec $Message = to_json(); $raw_event = "LOGSCAPETOKEN:YOUR_TOKEN_HERE LOGSCAPETAG:winevts " + $Message;
    </Input>

    <Output out>
        Module om_tcp
        Host collector.logscape.com
        Port 9991
    </Output>

    <Route 1>
        Path in_winevents => out
    </Route>

NOTE: Make sure to replace YOUR_TOKEN_HERE with your own token, which can be found on the account management page.
3) Restart the NXLog service. You now need to restart the NXLog service.
4) Confirm connectivity. Check the Windows event dashboard to confirm that your log data is now entering the cloud.
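
The restart and connectivity steps above can be checked from an elevated PowerShell prompt before looking at the dashboard. This script is an added example, not part of the original guide or of NXLog or Logscape; it assumes the default ROOT from the config above, the standard file name nxlog.conf, and the service name nxlog.

```powershell
# Added example: checks for the NXLog -> Logscape setup described above.
# Assumptions: ROOT is the default from the config, the config file is
# conf\nxlog.conf, and the Windows service is registered as "nxlog".
$Root      = 'C:\Program Files (x86)\nxlog'
$Conf      = Join-Path $Root 'conf\nxlog.conf'
$LogFile   = Join-Path $Root 'data\nxlog.log'
$Collector = 'collector.logscape.com'
$Port      = 9991

# 1. The config must exist and the placeholder token must have been replaced.
if (-not (Test-Path $Conf)) { throw "Config not found: $Conf" }
if (Select-String -Path $Conf -Pattern 'YOUR_TOKEN_HERE' -SimpleMatch -Quiet) {
    throw 'nxlog.conf still contains the YOUR_TOKEN_HERE placeholder'
}

# 2. The active (uncommented) "define ROOT" line must point at a real directory,
#    otherwise Moduledir, CacheDir and LogFile all resolve to missing paths.
$define = Select-String -Path $Conf -Pattern '^\s*define\s+ROOT\s+(.+)$' |
    Select-Object -First 1
if (-not $define) { throw 'No active "define ROOT" line found in nxlog.conf' }
$confRoot = $define.Matches[0].Groups[1].Value.Trim()
if (-not (Test-Path $confRoot)) { throw "ROOT in config does not exist: $confRoot" }

# 3. Restart the service so the new config is loaded, then confirm it stayed up.
Restart-Service -Name nxlog
$svc = Get-Service -Name nxlog
if ($svc.Status -ne 'Running') { throw "nxlog service is $($svc.Status)" }

# 4. Confirm the collector port is reachable. om_tcp is plain TCP, so this only
#    proves the outbound path is open, not that the token was accepted.
$tcp = Test-NetConnection -ComputerName $Collector -Port $Port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "Cannot reach ${Collector}:${Port}; check outbound firewall rules"
}

# 5. Give NXLog a moment to connect, then surface recent problems from its own log.
Start-Sleep -Seconds 5
Get-Content $LogFile -Tail 50 | Select-String -Pattern 'ERROR|WARNING'
```

No output from the last command means NXLog logged no recent errors or warnings; the dashboard check in step 4 is still what confirms that events are arriving.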