NXLog search
Let's talk Start free
Let's talk Start free

Microsoft Windows log sources

Check out some of the logs you can collect with NXLog Agent on Microsoft Windows.

1.03

Operating system logs

  • inspect Event Tracing for Windows Collect kernel and user-mode application trace logs from ETW providers.

  • verified File Integrity Monitoring Monitor file and directory changes with NXLog Agent.

  • counter Performance Counters Monitor and record Windows Performance Counters.

  • powershell PowerShell Collect PowerShell activity logs or extend NXLog Agent’s functionality with PowerShell.

  • flow Sysmon Collect Sysinternals System Monitor logs from Windows Event Log.

  • encrypted Windows AppLocker Collect Windows AppLocker logs from Windows Event Log.

  • windows Windows Event Log Collect Windows events locally or remotely.

  • history Windows Registry Monitor and record Windows Registry key changes.

  • instrumentation WMI Collect Windows Management Instrumentation activity logs from a file, Windows Event Log, or ETW.

Microsoft server logs

  • audit Microsoft Active Directory Collect domain controller security logs from Windows Event Log and DCPROMO logs for troubleshooting.

  • exchange Microsoft Exchange Collect Microsoft Exchange transport, error, and diagnostic logs from files and Windows Event Log.

  • cloud share Microsoft IIS Collect Microsoft IIS access and error logs in the IIS, W3C, and NCSA log file formats.

  • add Microsoft SharePoint Collect various Microsoft SharePoint logs, including audit, usage, and diagnostic logs.

  • database Microsoft SQL Server Collect MSSQL audit and error logs from a file or Windows Event Log.

  • server Windows DHCP Server Collect file-based DHCP audit logs and DHCP server and client events from Windows Event Log.

  • chart Windows DNS Server Collect DNS logs from sources such as ETW providers, debug log files, DNS query logs, and Windows Event Log.

Network applications

  • remote Microsoft RRAS Collect Routing and Remote Access Service logs, including Network Policy Server (NPS), DirectAccess, and Web Application Proxy logs.

  • switch Microsoft SCOM Collect Microsoft System Center Operations Manager server and client logs.

  • firewall Windows Firewall Collect Windows Firewall security and audit logs from a file, Windows Event Log, or the ETW provider.

  • tree WSFC Collect Windows Server Failover Clustering logs from Windows Event Log or the ETW providers.

Other log sources

  • database Databases Collect logs from database servers via ODBC, including Oracle Database, and MariaDB.

  • app .NET Applications Send logs to NXLog Agent from your .NET applications.

  • file Log Files Collect file-based logs in any format, such as JSON, XML, and CSV, and parse them with one of the specialized extensions.

  • network Network Packet Capture Collect and parse network traffic by capturing packets from a network interface or a file.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS