Nxlog for Windows auditing Nxlog service stopped
Hi, I need to know if there is any way to receive an event when the Nxlog Windows service is stopped. How can I obtain such a notification if I don't have the service working anymore? Is there a solution to audit this case? Thanks!
This is not possible with the service by itself. Most modern operating systems have methods to see that a service is down and try to restart it automatically.
It would likely be better to incorporate your existing monitoring solutions. You could also probably use a heartbeat created from something like im_mark or a schedule block with log_info() while reading events from im_internal. These events in combination with an alert in your SIEM could show you when the service is down.
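
The SIEM-side half of the heartbeat idea in the answer above, as an added example that is not part of the original thread: it flags hosts whose heartbeat is overdue or was never received. The line layout (`timestamp host message`), the marker text, the one-minute interval, the host names and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: text carried by each heartbeat event; set it to whatever your
# im_mark instance or log_info() call actually emits.
HEARTBEAT_MARKER = "-- MARK --"
HEARTBEAT_INTERVAL = timedelta(minutes=1)  # assumption: one heartbeat per minute
MISSED_BEFORE_ALERT = 3                    # alert after three missed heartbeats

def parse_line(line):
    """Split a 'ISO-timestamp host message' line; return None if malformed."""
    parts = line.strip().split(" ", 2)
    if len(parts) != 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2]
    except ValueError:
        return None

def last_heartbeats(lines):
    """Return {host: newest heartbeat timestamp}, ignoring all other events."""
    seen = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host, msg = parsed
        if HEARTBEAT_MARKER in msg and (host not in seen or ts > seen[host]):
            seen[host] = ts
    return seen

def silent_hosts(lines, expected_hosts, now):
    """Hosts whose heartbeat is overdue, including hosts never seen at all."""
    seen = last_heartbeats(lines)
    limit = HEARTBEAT_INTERVAL * MISSED_BEFORE_ALERT
    return {h: seen.get(h) for h in expected_hosts
            if seen.get(h) is None or now - seen[h] > limit}

# Constructed sample events (not real NXLog output).
SAMPLE = [
    "2024-05-01T10:00:00 WIN-APP01 -- MARK --",
    "2024-05-01T10:00:00 WIN-DB01 -- MARK --",
    "2024-05-01T10:01:30 WIN-DB01 user logon event",
    "2024-05-01T10:05:00 WIN-APP01 -- MARK --",
    "truncated-line",
]
NOW = datetime.fromisoformat("2024-05-01T10:06:00")  # constructed "current time"
print(silent_hosts(SAMPLE, ["WIN-APP01", "WIN-DB01", "WIN-WEB01"], NOW))
```

Comparing against a list of expected hosts matters here: a host whose agent never started produces no events at all, so it would not appear in any "last seen" query on its own.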