How to verify centralized logging is set up on a Windows server and/or endpoint

View thread

dhicks

My question here is:

If I want to scan an asset to verify that event logs are getting forwarded via NXLog configuration, where will I find the evidence on the device that is sending the logs to the NXLog collector? Will this be somewhere in the registry, or should I look somewhere else?