• Support
  • Forums
  • Blogs

Nxlog w/ Windows Event Logs on Domain Controller

JRommJRomm

New Life Form
Hi All,

I recently deployed Alienvault OSSIM and installed Nxlog on a domain controller to forward Windows event logs to AV, also I set the plugin for Nxlog.  Nothing was showing up in the SIEM Events so I confirmed with a packet capture that logs were being sent.  Also I checked in /var/log/alienvault/devices and there is a folder there and events so AV is getting the event logs but seems to not be parsing or correlating them so that they are viewable in the web GUI.  I used the default Nxlog config that Alienvault has in this article: https://www.alienvault.com/documentation/usm-appliance/supported-plugins/configuring-nxlog.htm

Is there something I am missing that needs to be set for Windows event logs to show up in the 'Security Events (SIEM)'?

Thanks

Share post:

Answers

  • Hi,

    I also have the same issue with USM Anywhere and Nxlog in a domain Controller environment.
    did you find the solution?

    Thanks

  • Mine forwards logs fine, but it forwards so much logs, is there a template for Domain Controllers/DHCP/Web servers that we can start from?
Sign In or Register to comment.