Operating system logs
- Event Tracing for Windows: Collect kernel and user-mode application trace logs from ETW providers.
- File Integrity Monitoring: Monitor file and directory changes with NXLog Agent.
- Performance Counters: Monitor and record Windows Performance Counters.
- PowerShell: Collect PowerShell activity logs or extend NXLog Agent’s functionality with PowerShell.
- Sysmon: Collect Sysinternals System Monitor logs from Windows Event Log.
- Windows AppLocker: Collect Windows AppLocker logs from Windows Event Log.
- Windows Event Log: Collect Windows events locally or remotely.
- Windows Registry: Monitor and record Windows Registry key changes.
- WMI: Collect Windows Management Instrumentation activity logs from a file, Windows Event Log, or ETW.
Microsoft server logs
- Microsoft Active Directory: Collect domain controller security logs from Windows Event Log and DCPROMO logs for troubleshooting.
- Microsoft Exchange: Collect Microsoft Exchange transport, error, and diagnostic logs from files and Windows Event Log.
- Microsoft IIS: Collect Microsoft IIS access and error logs in the IIS, W3C, and NCSA log file formats.
- Microsoft SharePoint: Collect various Microsoft SharePoint logs, including audit, usage, and diagnostic logs.
- Microsoft SQL Server: Collect MSSQL audit and error logs from a file or Windows Event Log.
- Windows DHCP Server: Collect file-based DHCP audit logs and DHCP server and client events from Windows Event Log.
- Windows DNS Server: Collect DNS logs from sources such as ETW providers, debug log files, DNS query logs, and Windows Event Log.
Network applications
- Microsoft RRAS: Collect Routing and Remote Access Service logs, including Network Policy Server (NPS), DirectAccess, and Web Application Proxy logs.
- Microsoft SCOM: Collect Microsoft System Center Operations Manager server and client logs.
- Windows Firewall: Collect Windows Firewall security and audit logs from a file, Windows Event Log, or the ETW provider.
- WSFC: Collect Windows Server Failover Clustering logs from Windows Event Log or the ETW providers.
Other log sources
- Databases: Collect logs from database servers via ODBC, including Oracle Database and MariaDB.
- .NET Applications: Send logs to NXLog Agent from your .NET applications.
- Log Files: Collect file-based logs in any format, such as JSON, XML, and CSV, and parse them with one of the specialized extensions.
- Network Packet Capture: Collect and parse network traffic by capturing packets from a network interface or a file.