Nxlog for Windows auditing Nxlog service stopped
Hi, I need to know if there is any way to receive an event when the Nxlog Windows service is stopped. How can I obtain such a notification if I don't have the service working anymore? Is there a solution to audit this case? Thanks!
This is not possible with the service by itself. Most modern operating systems have methods to see that a service is down and try to restart it automatically.
It would likely be better to incorporate your existing monitoring solutions. You could also probably use a heartbeat created from something like im_mark or a schedule block with log_info() while reading events from im_internal. These events in combination with an alert in your SIEM could show you when the service is down.
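The SIEM-side alert described in the answer above could work along these lines. This is an added example, not part of the original reply and not NXLog's own code: it flags hosts whose heartbeat has gone silent. The log line layout, the `nxlog-heartbeat` marker text, the 60-second interval, the host names and the function names are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events as a SIEM might store them: "<ISO time> <host> <message>".
# The marker text and interval are assumptions; use whatever your heartbeat actually emits.
SAMPLE = """\
2024-05-01T10:00:00 WS01 nxlog-heartbeat
2024-05-01T10:00:05 WS02 nxlog-heartbeat
2024-05-01T10:01:00 WS01 nxlog-heartbeat
2024-05-01T10:01:05 WS02 nxlog-heartbeat
2024-05-01T10:02:00 WS01 nxlog-heartbeat
2024-05-01T10:02:30 WS01 User logon event
2024-05-01T10:03:00 WS01 nxlog-heartbeat
2024-05-01T10:06:05 WS02 nxlog-heartbeat
2024-05-01T10:04:00 WS01 nxlog-heartbeat
"""
MARK = "nxlog-heartbeat"

def parse(lines):
    """Return {host: sorted heartbeat timestamps}, ignoring non-heartbeat events."""
    beats = {}
    for line in lines.splitlines():
        parts = line.split(" ", 2)
        if len(parts) != 3 or parts[2].strip() != MARK:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # malformed timestamp: skip rather than crash the check
        beats.setdefault(parts[1], []).append(ts)
    return {host: sorted(times) for host, times in beats.items()}

def silent_periods(beats, now, expected=(), interval=timedelta(seconds=60), missed=2):
    """Return (host, last_seen, next_seen) tuples where more than `missed`
    intervals passed without a heartbeat. next_seen is None while the host is
    still silent; last_seen is None for an expected host that never reported."""
    limit = interval * missed
    alerts = []
    for host in sorted(set(beats) | set(expected)):
        times = beats.get(host, [])
        if not times:
            alerts.append((host, None, None))  # only an inventory catches this case
            continue
        for prev, cur in zip(times, times[1:]):
            if cur - prev > limit:
                alerts.append((host, prev, cur))  # past outage, service came back
        if now - times[-1] > limit:
            alerts.append((host, times[-1], None))  # still silent: alert now
    return alerts
```

The `expected` list matters because a host whose service never started produces no events at all, so silence can only be noticed by comparing against an inventory.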