It goes without saying that across your business infrastructure, there should
be a commitment to protect not only the hardware and software assets, but
also the plethora of data that is transmitted through and stored in them.
However, to successfully safeguard such data, it is imperative to have
an effective audit policy in place, with the collection of security events
as an essential component.

Windows provides a wealth of security logs that are visible in the
built-in Security channel of Event Viewer. Each log entry is associated with a
number called the Event ID. These logs carry a wide variety of information,
ranging from authentication events to policy changes. NXLog provides the
im_msvistalog module to collect logs from Windows Event Log, which can be
easily configured to collect logs based on their Event ID.
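
As an illustration of Event ID based collection (an added example, not a configuration from the original page), the following NXLog configuration reads only three Event IDs from the Security channel: 4624 (successful logon), 4625 (failed logon) and 4719 (system audit policy changed). The instance names, the chosen Event IDs and the output file path are assumptions made for this example.

```conf
# Added example: collect selected Security events by Event ID.
# Instance names and the output path are assumptions for illustration.

<Extension json>
    Module  xm_json
</Extension>

<Input security_events>
    Module  im_msvistalog
    # The XPath filter below is applied by the Windows Event Log API,
    # so records with other Event IDs are never read by NXLog.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4719)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
    # Serialize each event record as JSON before it is written out.
    Exec    to_json();
</Input>

<Output local_file>
    Module  om_file
    # Assumed path; the directory must exist and be writable by the NXLog service.
    File    'C:\nxlog-example\security.json'
</Output>

<Route security_to_file>
    Path    security_events => local_file
</Route>
```

Filtering in the query keeps the volume down at the source, but any Event ID left out of the `Select` expression is not collected at all, so the list should be reviewed against the audit policy whenever that policy changes.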