Windows Server - Integration Guide

This guide will show you how to integrate Windows server (or desktop) into the Secure60 platform.

Overview

This guide will explain how to transfer data to a Secure60 collector using NXlog. As always if you have any additional questions, don’t hesitate to contact Secure60 Support.

Install NXLog

  1. (Prerequisite) Install the Secure60 Collector
  2. Download the NXlog MSI file from the official website
  3. Install NXlog on your Windows server
  4. Modify the NXlog configuration file located at C:\Program Files\nxlog\conf\nxlog.conf with the following content:
<Input eventlog>
    Module      im_msvistalog
    Query       <QueryList>\
                    <Query Id="0">\
                        <Select Path="*"> *</Select>\
                    </Query>\
                </QueryList>
</Input>

<Output out>
    Module      om_tcp
    Host        <S60_COLLECTOR_IP_ADDRESS>
    Port        514
    Exec        $nxlog= "NXLOG";
    Exec        to_syslog_ietf();
    
</Output>

<Route 1>
    Path        eventlog => out
</Route>

Ensure you replace <S60_COLLECTOR_IP_ADDRESS> with the actual IP address of your Secure60 collector.

To restart the NXlog service, execute the following commands:

net stop nxlog
net start nxlog

To check the status of NXlog, use the command:

"C:\Program Files\nxlog\nxlog.exe" -v

Integrate with Secure60 Collector

To enable NXlog integration in the S60-collector, modify the .env file as follows:

ENABLE_NXLOG=true

Logs and alerts can be viewed in the Secure60 portal.

Back to top