
Sheriff CSM™

NXLog Plugins

Microsoft Windows includes different categories of logs (Security, System, or Application event logs) to record important software and hardware events, which you may want to correlate in Sheriff CSM. There are different ways to collect logs from Windows machines; Sheriff supports HIDS and NXLog. For HIDS instructions, including how to deploy HIDS agents, how to configure file integrity monitoring, and how to configure the HIDS agent to read a log file on Windows, see Sheriff HIDS.

NXLog works similarly to syslog-ng or rsyslog but is not limited to UNIX/Linux systems. It supports multiple platforms, including Microsoft Windows. Sheriff CSM has different NXLog plugins for different Microsoft and non-Microsoft products, for both the NXLog Community Edition and the NXLog Enterprise Edition. Click the corresponding link below for details.

Microsoft DHCP Server through NXLog

Microsoft DNS Server through NXLog

Microsoft Exchange Server through NXLog

Microsoft IIS through NXLog

Microsoft IIS FTP Server through NXLog

Microsoft IIS SMTP Server through NXLog

Microsoft NPS through NXLog

Microsoft SCOM through NXLog

Microsoft SQL Server through NXLog

Microsoft Sysmon through NXLog

Microsoft Windows Event Logs through NXLog

Microsoft Windows Firewall through NXLog

Netwrix Auditor through NXLog

ObserveIT through NXLog

Oracle through NXLog

Sophos Enterprise Console through NXLog

Wing FTP Server through NXLog

Topic revision: r4 - 13 Jun 2021, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.