Use NXLog for Windows

After you have enabled DHCP and DNS logging and the logs are being written to the file path you designated, you must configure NXLog. Logpoint only supports JSON-formatted logs for Windows, so we recommend using the Logpoint Agent or the NXLog Agent to generate the logs in JSON format.

Logpoint requires JSON-formatted logs for Windows. Use the Logpoint or NXLog Agent to produce JSON logs.

The NXLog sample configuration file for Windows, nxlog.conf, is:

```
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
## define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension _syslog>
    Module xm_syslog
</Extension>

<Extension _json>
    Module xm_json
</Extension>

## Module for parsing the DHCP server CSV audit log; uncomment only if needed
## <Extension ParseDHCP>
##     Module    xm_csv
##     Fields    $EventID, $Date, $Time, $Description, $IPAddress, $ReportedHostname, $MACAddress, $User, $TransactionID, $QResult, $Probationtime, $CorrelationID, $DhcID, $VendorClassHex, $VendorClassASCII, $UserClassHex, $UserClassASCII, $RelayAgentInformation, $DnsRegError
##     Delimiter ','
## </Extension>

<Input in_win>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
##              <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
                <Select Path="Application">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Security">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

## DHCP audit log input; uncomment together with ParseDHCP, out_dhcp and Route 1.
## Lines that do not start with a two-digit event ID (headers) are dropped.
## <Input in_dhcp>
##     Module       im_file
##     File         "C:\\Windows\\dhcp\\DhcpSrvLog-Wed.log"
##     SavePos      TRUE
##     InputType    LineBased
##     ReadFromLast TRUE
##     Exec if $raw_event =~ /^[0-9][0-9],/ { \
##              ParseDHCP->parse_csv(); \
##              $EventTime = strptime($Date + ' ' + $Time, '%m/%d/%y %H:%M:%S'); \
##              $SourceName = "DHCPEvents"; \
##          } else drop();
## </Input>

## <Output out_dhcp>
##     Module om_tcp
##     Host   192.168.4.230
##     Port   514
##     Exec   to_json(); $Message = $raw_event; to_syslog_bsd();
## </Output>

<Output out_win>
    Module om_tcp
    ## Enter the IP address of your Logpoint
    Host   192.168.4.230
    Port   514
    ## Serialize every field to JSON, then carry the JSON as the syslog message
    Exec   to_json(); $Message = $raw_event; to_syslog_bsd();
</Output>

## <Route 1>
##     Path in_dhcp => out_dhcp
## </Route>

<Route 2>
    Path in_win => out_win
</Route>
```
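The commented-out DHCP pipeline (ParseDHCP, in_dhcp, out_dhcp) is the part of this configuration most often misread, so here is an added Python script, not part of Logpoint's or NXLog's own tooling, that replays what it does on a constructed DhcpSrvLog line and shows the JSON-inside-syslog payload Logpoint would receive. The hostname, PRI value and log values are assumed sample data.

```python
import json
import re
from datetime import datetime

# Field list taken from the commented-out ParseDHCP extension in nxlog.conf.
DHCP_FIELDS = [
    "EventID", "Date", "Time", "Description", "IPAddress", "ReportedHostname",
    "MACAddress", "User", "TransactionID", "QResult", "Probationtime",
    "CorrelationID", "DhcID", "VendorClassHex", "VendorClassASCII",
    "UserClassHex", "UserClassASCII", "RelayAgentInformation", "DnsRegError",
]

# Constructed sample: a header line (no leading digits, so dropped) and one lease.
SAMPLE_LOG = (
    "ID,Date,Time,Description,IP Address,Host Name,MAC Address\n"
    "10,03/14/24,09:15:02,Assign,192.168.4.57,host1.example.local,"
    "00AABBCCDDEE,,123456,0,,,,,,,,,\n"
)

def parse_dhcp_line(line):
    """Replay the in_dhcp Exec block: keep lines matching /^[0-9][0-9],/, split
    on ',' into DHCP_FIELDS, add EventTime/SourceName; None means drop()."""
    if not re.match(r"^[0-9][0-9],", line):
        return None
    record = dict(zip(DHCP_FIELDS, line.rstrip("\r\n").split(",")))
    # strptime($Date + ' ' + $Time, '%m/%d/%y %H:%M:%S')
    event_time = datetime.strptime(record["Date"] + " " + record["Time"],
                                   "%m/%d/%y %H:%M:%S")
    record["EventTime"] = event_time.strftime("%Y-%m-%d %H:%M:%S")
    record["SourceName"] = "DHCPEvents"
    return record

def to_syslog_bsd(record, hostname="dhcp-srv", pri=13):
    """Emulate 'to_json(); $Message = $raw_event; to_syslog_bsd();': the record
    becomes a JSON document inside a BSD syslog line (hostname/PRI are assumed)."""
    stamp = datetime.strptime(record["EventTime"], "%Y-%m-%d %H:%M:%S")
    return (f"<{pri}>{stamp.strftime('%b %d %H:%M:%S')} {hostname} "
            f"{record['SourceName']}: {json.dumps(record)}")

def convert(log_text):
    """Run every line of a DhcpSrvLog file through the emulated pipeline."""
    records = (parse_dhcp_line(ln) for ln in log_text.splitlines())
    return [to_syslog_bsd(r) for r in records if r is not None]

def json_payload(syslog_line):
    """Decode the JSON document back out of a converted line (receiver-side check)."""
    return json.loads(syslog_line[syslog_line.index("{"):])
```

Running `convert(SAMPLE_LOG)` yields one line: the header is dropped and the lease record arrives as a single JSON object, which is the shape Logpoint's Windows parsing expects.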
