Request trial
Request Trial

Nxlog for Windows auditing Nxlog service stopped

Tags:
#1 goodrookie

Hi, I need to know if there is any way to receive an event when Nxlog Windows service is stopped. How can I obtain such notification if I don´t have the service working anymore? Is there a solution to audit this case? Thanks!

Permalink
#2 Zhengshi Nxlog ✓
#1 goodrookie
Hi, I need to know if there is any way to receive an event when Nxlog Windows service is stopped. How can I obtain such notification if I don´t have the service working anymore? Is there a solution to audit this case? Thanks!

This is not possible with the service by itself. Most modern operating systems have methods to see that a service is down and try to restart it automatically.
It would likely be better to incorporate your existing monitoring solutions. You could also probably use a heartbeat created from something like im_mark or a schedule block with log_info() while reading events from im_internal. These events in combination with an alert in your SIEM could show you when the service is down.
Login to see more

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS