My example nxlog.conf file for all windows services we monitor.

On our Graylog server we have GELF over TCP enabled. I use the following as a prototype Windows Server config file, with all relevant log paths defined for various services. We then just erase the lines we dont' want. I don't think I've seen a sample template, so this would have been useful when I was first building. Important to note, we didn't find any useful logs in event log for sharepoint, sccm, SQL Server, IIS, or Dynamics CRM, they log separately:

AskedMay 23, 2020 - 7:05pm

Windows logs can'

I parameterized as seen in the examples the nxlog configuration file for the logs of my Windows 2016 servers, but when I restart the services with them. In the nxlog files I find this:

nxlog failed to start: Expected </Extension_gelf> but saw </Extension> at C:\Program Files (x86)\nxlog\conf\nxlog.conf:48

nxlog failed to start: Expected </Extension_gelf> but saw </Extension> at C:\Program Files (x86)\nxlog\conf\nxlog.conf:48

AskedNovember 26, 2019 - 10:23am

Windows Logs

Hello everyone,
I have a window server that receives logs from other windows hosts (log collector) and from this last one, events are sent to a Fortisiem. The problem is that in SIEM the IP that appears is always the collector's IP and all host events are identified by that IP.
Is it possible to keep the original IP of each host?

AskedOctober 15, 2019 - 12:00pm

Windows event filtering not working? Or something else

Hello, I have recently been trying up a syslog-ng server for various devices and have tried a couple of things for sending Windows Events to the server.

Finally decieded that NXLog will do what I need and I have gotten sent some events over without much configuration, but when trying filter within the .conf file, it always fails. I can't really find much good information as to why it might be failing, as it seems that it should be correct.(to me anyway)

AskedFebruary 18, 2019 - 7:41am