NXLog Agent platform differences

NXLog Agent is designed to work similarly on all operating systems. However, because each operating system is different, there are slight differences depending on where you install NXLog Agent.

Below, we highlight the differences between NXLog Agent installations on Windows, Linux, and macOS.

Installation packages

We provide the following NXLog Agent installation packages:

Microsoft Windows: An MSI package that you can use to install the agent manually or through a GPO on all Windows versions. We distribute the installation in a ZIP file for Windows Nano Server, which you’ll need to unpack on the server.
Linux: RMP and DEB packages for generic Linux and tarball (tar.bz2) files for specific OS flavors and versions.
macOS: A PKG file that is native to macOS operating systems.

The left navigation menu contains installation instructions for each operating system. Check Bulk-deploy NXLog Agent in the NXLog Platform User Guide for mass deployment options.

NXLog Agent path and service

The default installation path on Windows is C:\Program Files\nxlog\, while on Linux and macOS, it is /opt/nxlog/.

The installation creates an NXLog Agent service that is enabled by default and runs in the background. The way you manage the service depends on your operating system:

Microsoft Windows: Manage the NXLog Agent service from the Services MMC snap-in (services.msc) or via Group Policy.
Linux: Service management varies depending on the distribution. In most cases, you can control the services with one of the most common service management tools on Linux: systemd, SysVinit, or rcctl. For basic service management commands, see the NXLog Agent installation instructions for your operating system.
macOS: Manage the NXLog Agent service using the launchctl tool.

OS-specific modules

Some NXLog Agent modules are intended for OS-specific functionality and are only available on the respective operating system. The tables below list the most notable OS-specific modules.

Table 1. Microsoft Windows features and their corresponding NXLog Agent module
Feature	Module
Windows Event Log collection for Windows XP/2000/2003	im_mseventlog
Windows Event Log collection for Windows 2008/Vista/later	im_msvistalog
Monitor Windows Registry changes	im_regmon
Monitor Windows Performance Counters	im_winperfcount
Collect logs via Windows Event Forwarding	im_wseventing

Table 2. Linux features and their corresponding NXLog Agent module
Feature	Module
Collect process accounting logs	im_acct
Collect logs from the Linux Audit system	im_linuxaudit
Collec logs from the systemd journal	im_systemd
Collect logs over Unix Domain Sockets	im_uds
Send logs over Unix Domain Sockets	om_uds

Table 3. macOS features and their corresponding NXLog Agent module
Feature	Module
Collect Basic Security Module Auditing logs	im_bsm
Collect macOS Endpoint Security logs	im_maces
Collect logs from Apple’s unified logging system	im_maculs
Collect logs over Unix Domain Sockets	im_uds
Send logs over Unix Domain Sockets	om_uds