Hi, we have windows event forwarding configured with a lot of subscripts and filtering already configured across a deployemnt of Windows servers.

I would like to use NXLOG EE to install on our two Windows event collectors to forward these events off to a SIEM. Looking at the documentation seems I need to setup a Linux server to act as the WEC for this purpose?

AskedMarch 8, 2021 - 1:06am

Answer (1)


One of the superpowers of NXLog Enterprise Edition is the ability to collect Windows logs not only using Windows machines, but you can do it also using Linux. Being that said, it's not a problem to use Windows machine for this purpose - the choice is you, and you have freedom in building your infrastructure.

If you want to test NXLog Enterprise Edition - you can request a free trial and our Presales Engineers will be happy to assist you with your testing.

Best regards,

Comments (2)

  • DW_268040's picture

    Hi, we actually just purchased 100 odd licenses. We are trying to forward our current windows event logs that we already have wef configured for with subscripts doing the filtering. we now want to install nxlog on our WEC to forward to another source. Do you need to go to all the effort of configuring the htps certs etc in a windows collector?

  • raf's picture


    Definitely, configuration has to be done before the log shipment will be possible. I'm not aware of your architecture nor the policy, so it's hard to make any recommendations.

    You can find a helpful section in the documentation - Windows Event Collector. I'm sure Support will answer any questions and help solve possible issues when any arise.

    Best regards,