NXLog
NXLog is the workhorse of Windows logging plugins. You can use our configuration file for NXLog to set up the ingestion of Windows event logs to Mezmo.
Set Up NXLog Log Ingestion
Follow the instructions in the Mezmo Web App to set up NXLog log ingestion using your Mezmo syslog port and security certificate:
- Log in to the Mezmo Web App.
- In the bottom section of the left-hand navigation, click Help.
- Select Add Log Sources.
- Under Via platform, click NXLog.
- Follow the instructions to set up NXLog log ingestion.
You can also get a copy of the NXLog configuration file from our GitHub repository.
Example NXLog Configuration File
```text
Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\\Program Files (x86)\\nxlog
define CERTDIR %ROOT%\\cert
define CONFDIR %ROOT%\\conf
define LOGDIR %ROOT%\\data
define LOGFILE %LOGDIR%\\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\\modules
CacheDir %ROOT%\\data
Pidfile %ROOT%\\data\\nxlog.pid
SpoolDir %ROOT%\\data

<Extension _syslog>
    Module xm_syslog
</Extension>

<Extension _exec>
    Module xm_exec
</Extension>

<Extension json>
    Module xm_json
</Extension>

<Input internal>
    Module im_internal
    Exec $Message = to_json();
</Input>

########################################################################
#### This is just explicit version of internal input above
########################################################################
# <Input nxlog>
#     Module im_file
#     File '%LOGFILE%'
#     <Exec>
#         $Message = $raw_event;
#         if $Message == '' drop();
#         $SourceName = substr(file_name(), size('%LOGDIR%') + 1);
#     </Exec>
# </Input>
########################################################################

# Define Directory for Making Substring Operation
define LOGFOLDER C:\\ProgramData\\logs

<Input filelog>
    Module im_file
    File '%LOGFOLDER%\\*.log'
    Recursive TRUE
    <Exec>
        $Message = $raw_event;
        if $Message == '' drop();
        $SourceName = substr(file_name(), size('%LOGFOLDER%') + 2);
    </Exec>
</Input>

<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id='0'>
                <!--Select Path='Application'>*</Select-->
                <Select Path='System'>*</Select>
                <!--Select Path='Security'>*</Select-->
            </Query>
        </QueryList>
    </QueryXML>
    Exec $Message = to_json();
</Input>

<Processor buffer>
    Module pm_buffer
    MaxSize 102400
    Type disk
</Processor>

<Output out>
    Module om_ssl
    Host syslog-a.logdna.com
    Port CUSTOM_PORT
    CAFile %CERTDIR%\ca.pem
    Exec to_syslog_ietf();
</Output>

<Route 1>
    Path internal, filelog, eventlog => buffer => out
</Route>
```

You can add additional logfiles by creating a new <Input {name}> section that imitates the previous ones, and adding the name of that section to <Route 1> at the end.
Example for Tailing Additional Log Files
```text
<Input newlog>
    Module im_file
    File '%LOGDIR%\\example.log'
    Exec $Message = to_json();
</Input>
```
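A new `<Input>` section that is never added to `<Route 1>` ships nothing, and NXLog keeps running without it. The check below is an added example, not part of Mezmo's or NXLog's tooling: a hypothetical `lint_nxlog` helper that flags unrouted inputs, an output that is not `om_ssl` with a `CAFile`, and a port left as the `CUSTOM_PORT` placeholder, run against a constructed sample config.

```python
import re

# Constructed sample (not a real deployment): the page's layout with a new
# "newlog" input that was never added to <Route 1>, and the port placeholder.
SAMPLE_CONF = r"""
<Input eventlog>
    Module im_msvistalog
</Input>
# <Input nxlog>
#     Module im_file
# </Input>
<Input newlog>
    Module im_file
    File '%LOGDIR%\\example.log'
</Input>
<Output out>
    Module om_ssl
    Host syslog-a.logdna.com
    Port CUSTOM_PORT
    CAFile %CERTDIR%\ca.pem
</Output>
<Route 1>
    Path eventlog => buffer => out
</Route>
"""

def lint_nxlog(conf):
    """Return findings for an NXLog config passed as text (hypothetical helper)."""
    # Drop comment lines so commented-out blocks are not treated as active.
    text = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    routed = set()
    for path in re.findall(r"^\s*Path\s+(.+)$", text, re.M):
        routed.update(n.strip() for n in re.split(r",|=>", path))
    findings = []
    for kind, name, body in re.findall(r"<(Input|Output)\s+(\S+)>(.*?)</\1>", text, re.S):
        if name not in routed:
            findings.append(f"{kind} '{name}' is not listed in any Route Path")
        if kind == "Output":
            d = dict(re.findall(r"^\s*(\w+)\s+(.+?)\s*$", body, re.M))
            if d.get("Module") != "om_ssl":
                findings.append(f"Output '{name}' does not use om_ssl")
            elif "CAFile" not in d:
                findings.append(f"Output '{name}' has no CAFile")
            if not d.get("Port", "").isdigit():
                findings.append(f"Output '{name}' Port is not a number")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_nxlog(SAMPLE_CONF)))
```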