Nxlog CE vs EE
Hi everybody,
I would like to centralize sysmon events from endpoints using WEF and then forward "forwarded events" from collector server to graylog. Can i do it using Community edition of Nxlog ? If yes,
- can i concerve originated enpoint source ?
- which format does i need to use (SYSLOG or GELF) ?
Thanks
Hi chauchard,
We have a new post which is all about NXLog and Windows Event Forwarding. See https://nxlog.co/windows-event-forwarding
The NXLog Enterprise Edition has the im_wseventing module that allows you to set up NXLog as a Windows Event Collector both on Windows and Linux platforms. The Windows clients can be configured from Group Policy to send Windows EventLog using Windows Event Forwarding. This module provides improved security for collecting from Windows machines in agent-less mode, with support for both Kerberos and HTTPS data transfer.
Otherwise you use the im_msvistalog (which is available for both CE and EE editions) to collect from the Sysmon EventLog channel.
To integrate with Graylog, more details at https://nxlog.co/documentation/nxlog-user-guide/graylog.html including snippet configuration. Select **GELF ** as the OutputType when you send out to your server.
