Documentation Center
AlienVault® USM Anywhere™

Forward NXLog Messages Directly to the USM Anywhere Sensor

The simplest method to receive NXLog messages is to install NXLog CE on each Windows host and configure it to forward messages to the USM Anywhere Sensor.

To install NXLog CE and configure forwarding

  1. Download the newest stable NXLog Community Edition.
  2. Make a backup copy of the original C:\Program Files (x86)\nxlog\conf\nxlog.conf file and give it another name.
  3. Download the NXLog configuration for USM Anywhere and save it as your new nxlog.conf file.
  4. Open the configuration file for editing and replace usmsensoriphere with the IP address of the USM Anywhere Sensor.
  5. USM Anywhere listens for syslog at UDP port 514, TCP port 601, or TLS/TCP port 6514. Depending on the protocol you decide to use, edit the configuration file as detailed below. Make sure USM Anywhere allows inbound requests to the corresponding port.

  6. Some sections in the nxlog.conf file have been commented out to improve performance. Depending on which product you want to collect logs from, you need to uncomment the corresponding section. See specific plugin documentation for details.

  7. Save the file.
  8. Open Windows Services and restart the NXLog service.
  9. Open USM Anywhere and verify that you are receiving NXLog events.

Note: If you need to debug NXLog, open C:\Program Files (x86)\nxlog\data\nxlog.log.