Use our NXLog configuration to get Windows logs into LogDNA securely, quickly, and reliably.
Follow the steps to use NXLog for forwarding your Windows logs to LogDNA:
- Install `NXLog Community Edition` from here, or
  - Run `choco install -y nxlog` in `PowerShell` (make sure `choco` has been installed before running this command)
- Copy `nxlog.conf` to `$NXLOGDIR\conf\nxlog.conf`, where `NXLOGDIR` is the directory in which `nxlog` is installed
- Modify `nxlog.conf` as described below:
  - Make sure to replace `CUSTOM_PORT` on line 84 with a provisioned custom port, which can be obtained in the account-tailored add a log source instructions
  - Windows Event Logging is captured here:
    - Uncomment the lines to enable logging from the specified channels
    - Comment out the lines to disable logging from the specified channels
    - Add custom channels to the same `Query` block to enable logging from them
  - Windows File Logging is captured here:
  - All `input`, `processor`, and `output` channels are connected in the `route` block:
    - Comment out the whole block and remove it from the `route` to disable logging from a specific `input` channel
    - Add new `input` modules with unique names and add them to the `route` to enable logging from new sources
- Download `ld-root-ca.crt` from here to `$NXLOGDIR\cert\ca.pem`, or
  - Run the following `PowerShell` script:

```powershell
# $NXLOGDIR must already be set to the NXLog installation directory.
$url = "https://assets.logdna.com/rootca/ld-root-ca.crt"
$output = "$NXLOGDIR\cert\ca.pem"
# Download the LogDNA root CA certificate to the NXLog cert directory.
(New-Object System.Net.WebClient).DownloadFile($url, $output)
```

- Run `nssm start nxlog` in `PowerShell` to start `NXLog`
- Run `nssm restart nxlog` in `PowerShell` to apply configuration changes
- Run `nssm stop nxlog` in `PowerShell` to stop `NXLog`
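
The steps above leave two things that are easy to get wrong before the first `nssm start nxlog`: a leftover `CUSTOM_PORT` placeholder and a `ca.pem` that is not actually a CA certificate. The script below is an added example, not part of the LogDNA project, that checks both; it assumes `$NXLOGDIR` is set to the NXLog installation directory, and the variable names and messages are illustrative.

```powershell
# Added example: pre-flight checks to run before "nssm start nxlog".
# Assumption: $NXLOGDIR holds the NXLog installation directory.
$ErrorActionPreference = 'Stop'
$conf = Join-Path $NXLOGDIR 'conf\nxlog.conf'
$ca   = Join-Path $NXLOGDIR 'cert\ca.pem'
$problems = @()

# 1. The CUSTOM_PORT placeholder must have been replaced with the provisioned port.
$left = Select-String -Path $conf -Pattern 'CUSTOM_PORT' -SimpleMatch
foreach ($m in $left) {
    $problems += "nxlog.conf line $($m.LineNumber) still contains CUSTOM_PORT"
}

# 2. ca.pem must parse as an X.509 certificate (not an HTML error page or an empty file).
try {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ca
} catch {
    $problems += "ca.pem is not a readable certificate: $($_.Exception.Message)"
}

if ($cert) {
    # 3. It must be inside its validity window and marked as a CA.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "ca.pem is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    if (-not ($bc -and $bc.CertificateAuthority)) {
        $problems += "ca.pem is not marked as a CA in its basic constraints"
    }

    # 4. Print the SHA-256 fingerprint for comparison with a value obtained out of band.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fp  = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ':'
    Write-Output "Subject : $($cert.Subject)"
    Write-Output "SHA-256 : $fp"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'Pre-flight checks passed.'
```

Save it as a script file rather than pasting it into an interactive session, since `exit 1` closes the host it runs in.
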
Contributions are always welcome. See the contributing guide to learn how you can help. Build instructions for the agent are also in the guide.