Windows Event Logs
  • 1 Minute to read
  • Contributors
  • Dark
    Light
  • PDF

Windows Event Logs

  • Dark
    Light
  • PDF

Windows displays its event logs in the Windows Event Viewer. This application lets you view and navigate the Windows Event Logs, search and filter on particular types of logs, export them for analysis, and more.

This article has been written for integration with 32 bit and 64 bit Windows machines.

Integration of Windows Event Logs via NXLog with DNIF

Configure NXLog to send Microsoft Windows event logs to DNIF Adapter.

Download and install Nxlog

  • Download and install the latest version of NXLog on the Windows machine from which the logs need to be collected.
  • After installation, locate the nxlog.conf file in the C:\Program Files (x86)\nxlog\conf folder.
  • For 32 bit Windows machines, check C:\Program Files\nxlog\conf folder

image.png

  • Open the nxlog.conf file using a text editor. Replace the entire configuration by copy-pasting the text given for your Windows version.

Windows x32 bit OS

#============ Define ROOT here ===================
define ROOT C:\Program Files\nxlog
#define ROOT C:\Program Files (x86)\nxlog
#============ NXLog Machine Log info =============
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

#=========== For Windows Event Log ===========
<Extension json>
Module xm_json
</Extension>

<Input MSEvtIN>
# For windows 2003 and earlier use the following:
#Module im_mseventlog
# For windows 2005 and later use the following:
Module im_msvistalog
Exec to_json();
</Input>

<Output MSEvtOUT>
Module om_udp
Host DNIF-Adapter-IP
Port 514
</Output>

<Route 1>
Path MSEvtIN => MSEvtOUT
</Route>

Windows x64 bit OS

#============ Define ROOT here ===================
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x64)\nxlog
#============ NXLog Machine Log info =============
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

#=========== For Windows Event Log ===========
<Extension json>
Module xm_json
</Extension>

<Input MSEvtIN>
# For windows 2003 and earlier use the following:
#Module im_mseventlog
# For windows 2005 and later use the following:
Module im_msvistalog
Exec to_json();
</Input>

<Output MSEvtOUT>
Module om_udp
Host DNIF-Adapter-IP
Port 514
</Output>

<Route 1>
Path MSEvtIN => MSEvtOUT
</Route>
  • Restart NXLog
  • To apply changes made on nxlog.conf, you have to restart the service again.
    • Go to Control Panel > Services and locate the nxlog service.
    • Right click on nxlog and click Restart

image.png

  • Windows event logs are now streamed to DNIF.

Was this article helpful?

What's Next