We have a requirement to send Windows Event logs over an encrypted channel with client authentication.

The issue is, the certificates in our infrastructure are stored in the Computer Certificates store with private keys that are marked as non-exportable.

I'm looking for a way to either:
a) Somehow use NXLog to utilize the client certificate from within the store (ideal but I don't think NXLog is written to handle this)
b) Find a scalable method for hundreds of servers to copy the key pair to NXLog-friendly PEM format from within the certificate store. There are ways to do this, but since the key is not marked as exportable it takes a lot of work to export that I don't think can be efficiently automated.

Does anyone have any ideas on this? Our current implementation is sending input from the Event Log to a Syslog server.


AskedFebruary 19, 2020 - 5:48pm

Answer (1)

The NXLog Enterprise Edition v5 beta has support for the Windows Certificate Store and it is possible to specify the cert thumbprint in the configuration file. Please contact us if you are interested in testing this.