6
answers
closed

Hello I wish to collect event logs and Windows performance counters from multiple 'remote' systems within a Windows domain... I would like to know the syntax for doing this.. I have looked at your documentation in relation to your Enterprise version and it states that you can use the module  directives (RemoteServer,RemoteUser,RemotePassword) etc... But there is no statement with regards how you structure the collection from multiple servers or if these commands can be used with the 'im_winperfcount' module..  I would like to avoid the need to load individual instances per server.

 

Please can you assist.. 

This is a trial to see if the enterprise version can be placed into a production environment.. 

 

Kind regards

 

Support ticket opened onJuly 27, 2016 - 2:57pm

Comments (6)

  • adm's picture

    State: closed -> active

    The im_wseventing module provides support for collecting Windows Eventlog using Windows Event Forwarding. With this you don't need to list each source host in the configuration.  Using the im_msvistalog module you have to define one input instance per source host, so this may not be best suited if you have a large number of windows machines in your environment.

    The im_winperfcount module cannot pull performance counter values remotely, you need to install NXLog locally on the machine you wish to collect performance data from. For an agentless solution you could craft a script (e.g. powershell+wmi) that collects this data from the required machines and feed that to NXLog with im_exec.

    July 27, 2016 - 6:06pm
  • clivemcdonald's picture

    Thanks for the update... With regards to the module "im_winperfcount", I understand that in order to poll for performance counters you need to specify the counter name to be polled i.e.

    Counter \Memory\Available Bytes
    Counter \Process(_Total)\Working Set

    While this does work well the problem is that we have numerous counters to register, so rather than detailing each specific counter is there a wildcard option which would encompass polling of all the available counters on the machine.

     

    Kind Regards

    July 30, 2016 - 8:21pm
  • adm's picture

    im_winperfcount does not support wildcards currently. We will consider adding this capability to a future version, thank you for the suggestion. For now you can probably do this by generating all the needed counter names with some scripting.

    July 30, 2016 - 9:40pm
  • clivemcdonald's picture

    Hello I am having problems collecting object and process names using the Windows counter collector.. Please could you advise the sytax that should be used within the conf file for these counters.. eg.. (\Processor(*)\% Privileged Time)

     

     

    August 11, 2016 - 11:16am
  • adm's picture

    For the syntax please see the NXLog EE Reference Manual bundled with the msi installer and available under C:\Program Files (x86)\nxlog\doc.

    August 11, 2016 - 11:19am
  • b0ti's picture

    State: active -> closed

    Assuming this can be closed.

    September 16, 2016 - 1:40pm