...
1. Download and install the NXLog agent from the following location: https://nxlog.co/products/nxlog-community-edition/download.
2. Navigate to services.msc and stop the nxlog service.
3. Go to the folder C:\Program Files\nxlog\data and delete the file configcache.dat if it is present.
4. Navigate to the installed location C:\Program Files\nxlog\conf. Rename the attached NXLog_SQL.conf file to nxlog.conf and copy it into this folder.
5. The System Provider is different for each customer configuration. Set the System Provider value according to the customer configuration in the nxlog.conf file at line 42/43.
6. Provide the same System Provider value in the Syslog Signature while onboarding this device.
7. Replace the placeholder CyberHub IP with the actual CyberHub IP address in the nxlog.conf file.
8. Copy the certificate that you obtained from the Adaptive MxDR team to the Windows machine where the NXLog agent is installed, and enter the certificate path in nxlog.conf against CAFile at line number 73.
9. Start the nxlog service from services.msc.
10. NXLog agent logs will be available at the location C:\Program Files\nxlog\data\nxlog.log.
11. The log flow should now work, and you can check it using tcpdump with the command tcpdump -AA port 100146514.
As mentioned in points 5 and 6, make sure to provide the System Provider value in the nxlog.conf file at line 42, and use the same value in the Syslog Signature while onboarding this device.
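The following read-only PowerShell check is an added example, not part of the vendor procedure or of NXLog itself; it verifies the outcome of the steps above (stale cache removed, placeholder replaced, CAFile certificate present and unexpired, service running) and shows recent errors from the agent log. It assumes the default install path given above, that the placeholder appears in the file literally as the text CyberHub IP, and that CAFile holds a literal path.

```powershell
# Added example: read-only check of the NXLog agent setup described above.
param(
    [string]$NxlogRoot   = 'C:\Program Files\nxlog',   # install path from the page
    [string]$Placeholder = 'CyberHub IP'                # assumed literal placeholder text
)
$conf     = Join-Path $NxlogRoot 'conf\nxlog.conf'
$cache    = Join-Path $NxlogRoot 'data\configcache.dat'
$log      = Join-Path $NxlogRoot 'data\nxlog.log'
$problems = @()

if (-not (Test-Path -LiteralPath $conf)) { throw "nxlog.conf not found at $conf" }
# Ignore commented-out lines so disabled settings do not produce findings.
$active = @(Get-Content -LiteralPath $conf | Where-Object { $_ -notmatch '^\s*#' })

if (Test-Path -LiteralPath $cache) { $problems += "configcache.dat still present: $cache" }
if ($active -match [regex]::Escape($Placeholder)) {
    $problems += "Placeholder '$Placeholder' has not been replaced"
}

# Every CAFile directive must point at a certificate that exists, parses, and is in date.
$caFiles = @($active | Select-String -Pattern '^\s*CAFile\s+(.+?)\s*$')
if ($caFiles.Count -eq 0) { $problems += 'No CAFile directive found' }
foreach ($hit in $caFiles) {
    $path = $hit.Matches[0].Groups[1].Value.Trim('"', "'")
    if ($path -match '%') { $problems += "CAFile uses a define, check by hand: $path"; continue }
    if (-not (Test-Path -LiteralPath $path)) { $problems += "CAFile not found: $path"; continue }
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
        if ($cert.NotAfter -lt (Get-Date)) { $problems += "CA certificate expired $($cert.NotAfter): $path" }
    } catch {
        $problems += "CAFile is not a readable X.509 certificate: $path"
    }
}

$svc = Get-Service -Name nxlog -ErrorAction SilentlyContinue
if (-not $svc) { $problems += 'nxlog service is not installed' }
elseif ($svc.Status -ne 'Running') { $problems += "nxlog service status is $($svc.Status)" }

if (Test-Path -LiteralPath $log) {
    # Show the most recent ERROR lines from the agent log.
    Select-String -LiteralPath $log -Pattern '\bERROR\b' | Select-Object -Last 5 |
        ForEach-Object { "log: $($_.Line)" }
}
if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
'nxlog configuration checks passed'
```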
...