Add additional Windows Event Log Sources


#1 markdavidboyd

Hi everyone

I'm very new to this and have searched around but couldn't find anything obvious.

I have a few PCs with NXLog Community Edition sending data to a Loggly instance (event log data).

They are picking up Security and System and Application logs out of the box, it seems, but I'm wondering if I need to do anything to add other event log sources to have them sent to Loggly?

Is it a matter of adding something to the Conf file?

For example, I have Kaspersky AV on an endpoint and I want to pick up the specific Event Log where Kaspersky sits.

Am I explaining it right? I basically want to add other event log types into the process of log sending.

Mark

#2 jeffron Nxlog ✓

Hi Mark,

NXLog is very versatile and efficient in log collection. To collect logs from more sources, you will need to modify the configuration file. From what you are explaining, it seems you basically need to collect the logs either from the Event Viewer using the im_msvistalog module, for events logged in the Event Viewer, or by using the im_file module, if the events are stored in a file.

I hope this helps.

Regards,

Jeffron
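
A sketch of the two options described in the answer above, as an added example that is not part of the original thread or taken from NXLog's documentation. The channel name, file path and output instance name are placeholders (assumptions); the exact channel name can be read from `wevtutil el` on the endpoint.

```apache
# Added example for nxlog.conf. All PLACEHOLDER values are assumptions
# and must be replaced with values from your own endpoint and config.

# Option 1: the product writes to a Windows Event Log channel.
# List channel names on the endpoint with:  wevtutil el
<Input av_eventlog>
    Module  im_msvistalog
    # Select only the extra channel so events already collected by the
    # existing Security/System/Application input are not sent twice.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="PLACEHOLDER-AV-CHANNEL-NAME">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Option 2: the product writes its events to a text file instead.
<Input av_file>
    Module  im_file
    # Single quotes keep the backslashes literal; wildcards are allowed.
    File    'C:\PLACEHOLDER\path\to\logs\*.log'
</Input>

# Send both new inputs to the output instance that already forwards
# to Loggly. PLACEHOLDER_LOGGLY_OUTPUT stands for the name of the
# existing <Output ...> block in your configuration.
<Route av_to_loggly>
    Path    av_eventlog, av_file => PLACEHOLDER_LOGGLY_OUTPUT
</Route>
```

Keep only the input that matches how the product actually logs, and restart the NXLog service after editing the file so the new configuration is loaded.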