一、简介
nxlog收集Windows系统日志,将Windows日志转换为syslog格式发送至日志服务器。
二、部署环境
系统:Windows Server
三、工具
nxlog-ce-2.11.2190.msi
下载地址:https://nxlog.co/products/nxlog-community-edition/download
四、部署过程
1、安装nxlog-ce-2.11.2190.msi,默认安装在C:\Program Files (x86)目录下
2、修改conf配置文件,默认配置文件在C:\Program Files (x86)\nxlog\conf目录下
Panic Softdefine ROOTC:\Program Files (x86)\nxlogdefine CERTDIR %ROOT%\certdefine CONFDIR %ROOT%\confdefine LOGDIR %ROOT%\datadefine LOGFILE %LOGDIR%\nxlog.logLogFile %LOGFILE%Moduledir %ROOT%\modulesCacheDir %ROOT%\dataPidfile %ROOT%\data\nxlog.pidSpoolDir %ROOT%\data<Extension _syslog>Modulexm_syslog</Extension><Extension _charconv>Modulexm_charconvAutodetectCharsets gbk, utf-8, euc-jp, utf-16, utf-32, iso8859-2</Extension><Extension _exec>Modulexm_exec</Extension><Extension _fileop>Modulexm_fileop<Schedule>Every 1 hourExec if (file_exists('%LOGFILE%') and \(file_size('%LOGFILE%') >= 5M)) \file_cycle('%LOGFILE%', 8);</Schedule><Schedule>When @weeklyExec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);</Schedule></Extension>#日志采集方式,默认全部采集<Input in>Moduleim_msvistalog#日志转换为utf-8编码格式Exec convert_fields("AUTO", "utf-8");</Input>#日志输出位置,Rsyslog服务器的IP地址和端口号<Output out>Module om_udpHost 192.168.2.21Port 514</Output><Route 1>Path in => out</Route>
3、启动Evtsys服务
net start nxlog
4、Win+R打开运行窗口,输入“services.msc”,查看nxlog服务是否正常运行
