We don’t normally work directly with nxlog.conf (or nxlog) anymore, but the NXLog documentation is probably the best place for anything to do with it - specifically the file directive is documented here: https://docs.nxlog.co/refman/current/im/file.html . It also has a few examples, so hopefully that helps.
Hi Ronny, this will get you going with your task. :)
## LB Forsikring logs to own LogPoint system, E-Boks receipt files v 2.0
## Kai Gustafson 08/05-2023
## comments
## 64 Bit Version
define ROOT C:\Program Files\nxlog
ModuleDir %ROOT%\modules
CacheDir %ROOT%\data
PidFile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
define Cdrive C:\Logs
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
# Note that these two lines define constants only; the log file location
# is ultimately set by the `LogFile` directive (see below). The
# `MYLOGFILE` define is also used to rotate the log file automatically
# (see the `_fileop` block).
define LOGDIR %ROOT%\data
define MYLOGFILE %LOGDIR%\nxlog.log
# By default, `LogFile %MYLOGFILE%` is set in log4ensics.conf. This
# allows the log file location to be modified via NXLog Manager. If you
# are not using NXLog Manager, you can instead set `LogFile` below and
# disable the `include` line.
LogFile %MYLOGFILE%
#include %CONFDIR%\log4ensics.conf
<Extension _syslog>
    Module xm_syslog
</Extension>
<Extension _json>
    Module xm_json
</Extension>
# Get C-drive log files
<Input CdriveLogs>
    Module im_file
    File '%Cdrive%\*.log'
    SavePos TRUE
    ReadFromLast TRUE
    PollInterval 1
</Input>
# Internal NXLog messages
<Input Internal>
    Module im_internal
</Input>
<Input EventLog>
    Module im_msvistalog
    # Collect the Sysmon channel plus 'Application', 'System', and 'Security'
    Query <QueryList> \
        <Query Id="0"> \
            <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select> \
            <Select Path="Application">*</Select> \
            <Select Path="System">*</Select> \
            <Select Path="Security">*</Select> \
        </Query> \
    </QueryList>
    Exec $Hostname = hostname_fqdn();
</Input>
# Syslog to LogPoint server
<Output out>
    Module om_udp
    # LogPoint collector address (placeholder)
    Host xx.xx.xx.xx:514
    # Serialize all event fields to JSON, carry that as the syslog message body
    Exec to_json(); $Message = $raw_event; to_syslog_bsd();
</Output>
<Output Cdrive_out>
    Module om_udp
    # LogPoint collector address (placeholder)
    Host xx.xx.xx.xx:514
    Exec $SourceName = 'CdriveFiles';
    Exec to_syslog_bsd();
</Output>
# Route names must match the Input/Output block names declared above
<Route 1>
    Path EventLog, Internal => out
</Route>
<Route 2>
    Path CdriveLogs => Cdrive_out
</Route>
Regards Kai
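A small routing check for a config shaped like the one above, added here as an example (not NXLog's tooling and not Kai's code): it reads the Input/Output blocks and each Route's Path directive, flags Path names that do not match a declared instance exactly (a likely typo; treating case as significant is an assumption, the real file should still be validated by NXLog itself), and lists Inputs that no Route forwards, since those events are collected but never reach the collector. SAMPLE_CONF is a constructed, cut-down version of the posted file.

```python
import re
# Constructed sample modelled on the posted nxlog.conf (not the author's file):
# Route 1 spells the Input names differently from the blocks declaring them.
SAMPLE_CONF = """
<Input CdriveLogs>
</Input>
<Input Internal>
</Input>
<Input EventLog>
</Input>
<Output out>
</Output>
<Output Cdrive_out>
</Output>
<Route 1>
    Path eventlog, internal => out
</Route>
<Route 2>
    Path CdriveLogs => Cdrive_out
</Route>
"""

BLOCK_RE = re.compile(r"<(Input|Output)\s+(\S+)>", re.I)
ROUTE_RE = re.compile(r"<Route\s+(\S+)>(.*?)</Route>", re.I | re.S)
PATH_RE = re.compile(r"^\s*Path\s+(.+?)\s*$", re.I | re.M)

def parse_routes(conf):
    """Return {route name: [instance names listed in its Path directive]}."""
    routes = {}
    for name, body in ROUTE_RE.findall(conf):
        m = PATH_RE.search(body)
        routes[name] = [r for r in re.split(r"\s*(?:,|=>)\s*", m.group(1)) if r] if m else []
    return routes

def lint_routes(conf):
    """Flag Path names that do not exactly match a declared Input/Output, and
    Inputs no Route forwards (events collected but never sent to an Output)."""
    instances = {name: kind.lower() for kind, name in BLOCK_RE.findall(conf)}
    by_lower = {n.lower(): n for n in instances}  # assumption: exact spelling required
    findings, referenced = [], set()
    for route, refs in parse_routes(conf).items():
        for ref in refs:
            if ref in instances:
                referenced.add(ref)
            elif ref.lower() in by_lower:
                findings.append(f"Route {route}: '{ref}' should be '{by_lower[ref.lower()]}'")
            else:
                findings.append(f"Route {route}: '{ref}' is not a declared instance")
    for name, kind in instances.items():
        if kind == "input" and name not in referenced:
            findings.append(f"Input '{name}' is not forwarded by any Route")
    return findings
```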