NXLog

Supported OS Windows

Overview

Configure NXLog to gather logs from your host, containers, and services.

Setup

The following outlines the setup for log collection through HTTP endpoints and NXLog TLS encryption. For more information on logging endpoints, see Log Collection.

Log collection over HTTP

    ## Set the ROOT to the folder your nxlog was installed into,
    ## otherwise it won't start.
    #To change for your own system if necessary
    define ROOT C:\Program Files\nxlog
    #define ROOT_STRING C:\Program Files\nxlog
    #define ROOT C:\Program Files (x86)\nxlog
    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data
    LogFile %ROOT%\data\nxlog.log
    ##Extension to format the message in JSON format
    <Extension json>
        Module xm_json
    </Extension>
    ##Extension to format the message in syslog format
    <Extension syslog>
    Module xm_syslog
    </Extension>
    ########## INPUTS ###########
    ##Input for windows event logs
    <Input syslogs>
        Module      im_msvistalog
    ##For windows 2003 and earlier use the following:
    #    Module      im_mseventlog
    </Input>
    ############ OUTPUTS ##############
    ##HTTP output module
    <Output out>
        Module      om_http
        URL         
        Port        
        Exec        to_syslog_ietf();
        Exec        $raw_event="<DATADOG_API_KEY> "+$raw_event;
    </Output>
    ############ ROUTES TO CHOOSE #####
    <Route 1>
        Path        syslogs => out
    </Route>

NXLog TLS encryption

  1. Download the CA certificate.

  2. Add the om_ssl module in your NXLog configuration to enable secure transfer over port 10516:

    <Output out>
  Module  om_ssl
  Host    
  Port    
  Exec    to_syslog_ietf();
  Exec    $raw_event="my_api_key " + $raw_event;
  CAFile  <CERT_DIR>/ca-certificates.crt
  AllowUntrusted FALSE
</Output>

Troubleshooting

Need help? Contact Datadog support.