
Dear NxLog Community,

I've heard some debate lately as to the question of 64-bit Windows support with NxLog.  One camp claims that the NxLog "Community Edition" cannot export Event Logs from 64-bit Windows systems, a.k.a Server 2008 R2 and Server 12.  These folks argue that to get 64-bit Windows support the NxLog Enterprise Edition is required.

Is this correct?  If so, does anyone have a link to an NxLog document that explains this?  Is there an official document highlighting the differences between the Community and Enterprise Editions?  

 

Thanks,
groundLoop

Asked April 10, 2015 - 4:07pm

Answer (1)

The vast majority of today's Windows systems run 64-bit 2008R2 and 2012R2. The NXLog Community Edition wouldn't be that popular if it couldn't collect Windows EventLog on these systems. Probably you are hearing FUD or misunderstood something. Feel free to test it yourself.

There is no doubt that the NXLog Enterprise Edition has more features, see this page for more.

Answered April 10, 2015 - 7:40pm

Comments (2)

  • groundLoop

    Thanks for the advice.  Reading through the NxLog Enterprise Edition Features page, I did notice several Windows Event Log specific enhancements, including one in particular that I was hoping you could provide additional information on.

    More data from the Windows EventLog

    The im_msvistalog module in the NXLog Enterprise Edition can collect more data from the Windows EventLog and it also retrieves the EventData and UserData parts which can contain important data in some specific log sources

    https://nxlog.co/additional-features-nxlog-enterprise-edition

     

    EventData is a fairly significant capability, isn't it?  EventData is key, for example, to parsing Security events.    If I understand correctly, then, while the NxLog Community Edition has 64-bit Windows support, its capabilities are actually extremely limited, when it comes to parsing Windows Event logs?


    Thanks again,
    groundLoop

    April 13, 2015 - 2:50pm
  • adm (NXLog)

    Events from the Security channel that are included in EventData in the following format are parsed by the NXLog Community Edition also:

    <EventData>
       <Data Name="TargetUserSid">S-1-5-18</Data> 
       <Data Name="TargetUserName">SYSTEM</Data> 
    </EventData>

    There are some other log sources which emit a differently structured EventData or UserData; that's what only the Enterprise Edition can handle.

    I suggest testing the solutions (EE, CE or some other vendor's solution) and checking whether your requirements are covered.

    April 13, 2015 - 5:49pm
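
To check which payload shapes your own log sources emit before picking a collector, here is an added example (not part of the thread and not NXLog code) that classifies events rendered as XML into the named `<Data Name="...">` form shown above and other forms. The shape labels, the `_event` helper and the sample events are constructed for illustration; treating unnamed `<Data>` and `UserData` as the "differently structured" cases is an assumption, since the thread does not list them.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(provider, body):
    # Hypothetical helper: builds a constructed sample event for the demo.
    return ('<Event xmlns="%s"><System><Provider Name="%s"/></System>%s</Event>'
            % (NS["e"], provider, body))

# Constructed samples; in practice feed in XML exported from your own hosts.
SAMPLES = [
    _event("Microsoft-Windows-Security-Auditing",
           '<EventData><Data Name="TargetUserSid">S-1-5-18</Data>'
           '<Data Name="TargetUserName">SYSTEM</Data></EventData>'),
    _event("ExampleService",
           "<EventData><Data>service started</Data></EventData>"),
    _event("ExampleProvider",
           '<UserData><Detail xmlns="urn:example">'
           "<Reason>constructed</Reason></Detail></UserData>"),
]

def payload_shape(event_xml):
    """Return (shape, fields) describing the event's EventData/UserData."""
    root = ET.fromstring(event_xml)
    event_data = root.find("e:EventData", NS)
    if event_data is not None:
        items = event_data.findall("e:Data", NS)
        if items and all(d.get("Name") for d in items):
            return "named", {d.get("Name"): d.text or "" for d in items}
        if items:  # <Data> without Name: values are only positional
            return "positional", {str(i): d.text or "" for i, d in enumerate(items)}
        return "other", {}
    user_data = root.find("e:UserData", NS)
    if user_data is not None:
        # Provider-defined nested elements: collect the leaf values.
        leaves = [el for el in user_data.iter() if el is not user_data and len(el) == 0]
        return "userdata", {el.tag.split("}")[-1]: el.text or "" for el in leaves}
    return "none", {}

def inventory(events):
    """Count payload shapes per provider so gaps in parsing are visible."""
    counts = {}
    for xml_text in events:
        provider = ET.fromstring(xml_text).find("e:System/e:Provider", NS).get("Name")
        key = (provider, payload_shape(xml_text)[0])
        counts[key] = counts.get(key, 0) + 1
    return counts
```

Running `inventory` over a sample of exported events from each channel you care about shows which providers fall outside the named form, which is the part to verify against whichever collector you test.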