Operating system logs

  • Event Tracing for Windows: Collect kernel and user-mode application trace logs from ETW providers.

  • File Integrity Monitoring: Monitor file and directory changes with NXLog Agent.

  • Performance Counters: Monitor and record Windows Performance Counters.

  • PowerShell: Collect PowerShell activity logs or extend NXLog Agent’s functionality with PowerShell.

  • Sysmon: Collect Sysinternals System Monitor logs from Windows Event Log.

  • Windows AppLocker: Collect Windows AppLocker logs from Windows Event Log.

  • Windows Event Log: Collect Windows events locally or remotely.

  • Windows Registry: Monitor and record Windows Registry key changes.

  • WMI: Collect Windows Management Instrumentation activity logs from a file, Windows Event Log, or ETW.

Microsoft server logs

  • Microsoft Active Directory: Collect domain controller security logs from Windows Event Log and DCPROMO logs for troubleshooting.

  • Microsoft Exchange: Collect Microsoft Exchange transport, error, and diagnostic logs from files and Windows Event Log.

  • Microsoft IIS: Collect Microsoft IIS access and error logs in the IIS, W3C, and NCSA log file formats.

  • Microsoft SharePoint: Collect various Microsoft SharePoint logs, including audit, usage, and diagnostic logs.

  • Microsoft SQL Server: Collect MSSQL audit and error logs from a file or Windows Event Log.

  • Windows DHCP Server: Collect file-based DHCP audit logs and DHCP server and client events from Windows Event Log.

  • Windows DNS Server: Collect DNS logs from sources such as ETW providers, debug log files, DNS query logs, and Windows Event Log.

Network applications

  • Microsoft RRAS: Collect Routing and Remote Access Service logs, including Network Policy Server (NPS), DirectAccess, and Web Application Proxy logs.

  • Microsoft SCOM: Collect Microsoft System Center Operations Manager server and client logs.

  • Windows Firewall: Collect Windows Firewall security and audit logs from a file, Windows Event Log, or the ETW provider.

  • WSFC: Collect Windows Server Failover Clustering logs from Windows Event Log or the ETW providers.

Other log sources

  • Databases: Collect logs from database servers via ODBC, including Oracle Database and MariaDB.

  • .NET Applications: Send logs to NXLog Agent from your .NET applications.

  • Log Files: Collect file-based logs in any format, such as JSON, XML, and CSV, and parse them with one of the specialized extensions.

  • Network Packet Capture: Collect and parse network traffic by capturing packets from a network interface or a file.